Gopal Anand

Enabling Authentication and Authorization in SAP-Cloud-sdk for JavaScript/Nest.js

If you already know about the Cloud SDK or Nest.js, you can jump directly to the code section.

Why Cloud SDK JavaScript?

The SAP Cloud SDK supports you end-to-end when developing applications that communicate with SAP solutions and services such as SAP S/4HANA Cloud, SAP SuccessFactors, and many others.

Using the SDK, you can reduce your effort when developing an application on SAP Business Technology Platform by building on best practices delivered by the SDK. The SDK provides JavaScript libraries, project templates, and a continuous delivery toolkit.

Under the hood, Cloud SDK uses the Nest.js framework.

What is Nest.js?

With elements of OOP, functional programming, and functional reactive programming, JavaScript now lets developers avoid the steep learning curve of Java or other languages, and use one language for frontend and backend, which speeds up the development process.

PS. I love JavaScript ❤

Nest provides an out-of-the-box application architecture that allows developers and teams to create highly testable, scalable, loosely coupled, and easily maintainable applications. The architecture is heavily inspired by Angular.

Talk aside: if you are trying out the Cloud SDK or Nest.js for learning or development purposes, enabling authentication might sound challenging, because going through the documentation might make you think you need to create a middleware or a guard to handle authentication and authorization.

Here's how to implement authentication and authorization.

1. To create a project, you can use the command sap-cloud-sdk init <projectName> or nest init <projectName> (see the Get Started guide).

2. Open the app.ts and add the following code:

import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

// Read the credentials of the bound XSUAA service instance
import { getServices } from '@sap/xsenv';
const xsuaa = getServices({ xsuaa: { tag: 'xsuaa' } }).xsuaa;

// Register the JWT strategy from @sap/xssec with passport
import * as passport from 'passport';
import { JWTStrategy } from '@sap/xssec';
passport.use(new JWTStrategy(xsuaa));

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  // Registered with app.use, so the JWT check runs for every route; no session is kept
  app.use(passport.authenticate('JWT', { session: false }));
  await app.listen(process.env.PORT || 3000);
}
bootstrap();

This initializes passport with the JWTStrategy. Because the middleware is registered with app.use, authentication is already enabled for every route at this stage.

Learn more about authentication and authorization with @sap/xssec.

3. To check authorization (that is, to check for scopes), open app.controller.ts and follow the snippet below:

import { Controller, Get, Req, HttpException, HttpStatus } from '@nestjs/common';
import { AppService } from './app.service';

@Controller()
export class AppController {
  constructor(private readonly appService: AppService) { }

  @Get()
  getHello(@Req() req: any): any {
    // @Req() lets you access the request headers
    const isAuthorized = req.authInfo.checkLocalScope('YourScope'); // auth check
    if (isAuthorized) {
      return req.user;
    } else {
      // throw, do not return: a returned exception object would not set the 403 status
      throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
    }
  }
}
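
The scope check in the controller above can be factored into one fail-closed decision function. The following is an added example, not code from the article or from @sap/xssec. It goes slightly beyond the single-scope case by requiring several scopes at once. The names decide, fakeAuthInfo, AuthInfoLike and the sample application name are hypothetical, and the stand-in only models checkLocalScope.

```typescript
// Added example (not from the article). AuthInfoLike models only the
// checkLocalScope() method that the controller calls on req.authInfo.
interface AuthInfoLike { checkLocalScope(scope: string): boolean; }
interface RequestLike { authInfo?: AuthInfoLike; }
interface Decision { status: number; reason: string; }

// Decide the HTTP status for a request that needs ALL of requiredScopes.
// Fails closed: anything unexpected is a denial, never an implicit allow.
function decide(req: RequestLike, requiredScopes: string[]): Decision {
  const info = req.authInfo;
  // Route reached without the passport middleware in front of it.
  if (!info || typeof info.checkLocalScope !== 'function') {
    return { status: 401, reason: 'no security context' };
  }
  // An empty requirement list is a configuration mistake, not "public".
  if (requiredScopes.length === 0) {
    return { status: 403, reason: 'no scopes configured' };
  }
  const missing: string[] = [];
  for (const scope of requiredScopes) {
    let ok = false;
    try {
      ok = info.checkLocalScope(scope) === true; // strict: truthy is not enough
    } catch {
      ok = false; // a throwing check counts as "not granted"
    }
    if (!ok) missing.push(scope);
  }
  return missing.length === 0
    ? { status: 200, reason: 'ok' }
    : { status: 403, reason: 'missing scope: ' + missing.join(', ') };
}

// Constructed stand-in for req.authInfo (assumption for this example): token
// scopes carry the application name as prefix, and a local scope is matched
// as "<xsappname>.<scope>".
function fakeAuthInfo(xsappname: string, tokenScopes: string[]): AuthInfoLike {
  return {
    checkLocalScope: (s: string) => tokenScopes.indexOf(xsappname + '.' + s) !== -1,
  };
}

// Constructed sample values, not taken from a real token.
const APP_NAME = 'demo-app!t1';
const viewerReq: RequestLike = {
  authInfo: fakeAuthInfo(APP_NAME, [APP_NAME + '.Display', 'openid']),
};
```

In the controller, a status other than 200 would be turned into a thrown HttpException with that status.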

We are done with the implementation. Fireworks!!! The @sap/xssec package saved us all the effort we would have needed to create a custom middleware.



      1 Comment
      Ravi Suresh Mashru

      I had created middleware that calls the xssec.createSecurityContext method, but this is much cleaner. Thanks for sharing! 🙂