Skip to Content
Technical Articles

How To Update XSUAA Service Instance to Accept Multiple Redirect URIs

Introduction

Fastest way to develop UI5 applications is for sure on local machine. In that case the XSUAA cloud instance may be used by starting a local approuter on localhost:5000 by default. This configuration is made via the default-services.json file that is auto-read by approuter on start and expands the VCAP_SERVICES which of course is found only on Cloud Foundry landscape or is set with a manual enviroment variable.

For local development, when using an existing SAP Cloud Platform XSUAA service instance, the localhost domain is not accepted by default as a valid redirect uri. For security reasons we need to add explicit permission to xsuaa for redirection after a successful login to a localhost url used for local development. (or other uri)

The error displayed after login on the xsuaa page is :

Invalid redirect <url> did not match one of the registered values

 

Approuter & XSUAA

Approuter is the entry point for multi target applications that need authorization and have multiple modules (ui, backend) that need to scale and reuse the same OAuth2 token. The whole process of token check and client credentials flow to retrive the token in the UI application is handled by the approuter.

More details on npmjs @sap/approuter

The configuration for routes of the approuter is done via the xs-app.json file.

The xs-security.json file is specific to the xsuaa instance !

Once deployed the instance configuration may be updated.

 

The xs-security.json file

Tipical xs-security.json file looks like this :

More details may be found in the help page

{
    "xsappname": "node-hello-world",
    "scopes": [
      	{
            "name": "$XSAPPNAME.Display",
            "description": "display"
        },
        {
            "name": "$XSAPPNAME.Edit",
            "description": "edit"
        },
        {
            "name": "$XSAPPNAME.Delete",
            "description": "delete"
        }
    ],
    "attributes": [
      	{
            "name": "Country",
            "description": "Country",
            "valueType": "string"
        },
        {
            "name": "CostCenter",
            "description": "CostCenter",
            "valueType": "int"
        }
    ],
    "role-templates": [
      	{
            "name": "Viewer",
            "description": "View all books",
            "scope-references": [
                "$XSAPPNAME.Display"
            ],
            "attribute-references": ["Country"]
        },
        {
            "name": "Editor",
            "description": "Edit, delete books",
            "scope-references": [
                "$XSAPPNAME.Edit",
                "$XSAPPNAME.Delete"
            ],
            "attribute-references": [
                "Country",
                "CostCenter"
            ]
        }
    ]
}

Create a service instance

First check the xsuaa plans available

cf marketplace -s xsuaa

For example purposes I will use the application plan

cf create-service xsuaa application myappxsuaa -c xs-security.json

 

Update the xs-security.json file

{
    "xsappname": "node-hello-world",
    "scopes": [
      	{
            "name": "$XSAPPNAME.Display",
            "description": "display"
        },
        {
            "name": "$XSAPPNAME.Edit",
            "description": "edit"
        },
        {
            "name": "$XSAPPNAME.Delete",
            "description": "delete"
        }
    ],
    "attributes": [
      	{
            "name": "Country",
            "description": "Country",
            "valueType": "string"
        },
        {
            "name": "CostCenter",
            "description": "CostCenter",
            "valueType": "int"
        }
    ],
    "role-templates": [
      	{
            "name": "Viewer",
            "description": "View all books",
            "scope-references": [
                "$XSAPPNAME.Display"
            ],
            "attribute-references": ["Country"]
        },
        {
            "name": "Editor",
            "description": "Edit, delete books",
            "scope-references": [
                "$XSAPPNAME.Edit",
                "$XSAPPNAME.Delete"
            ],
            "attribute-references": [
                "Country",
                "CostCenter"
            ]
        }
    ],
    "oauth2-configuration": {
        "redirect-uris": [
            "https://www.myappurl.com/login/callback",
            "http://localhost:5000/login/callback"
        ]
    }
}

 

Update the service instance

Login to CF and choose the org and space where you have created the instance.

Run the update command :

cf update-service myappxsuaa -p application -c xs-security.json

Conclusions

This article is based on personal experience.

This is a short summary of the the documentation files regarding xsuaa and approuter use.

Tested with SAP Cloud Platform Trial – Cloud Foundry Environment

Reference & Credits :

https://help.sap.com/viewer/4505d0bdaf4948449b7f7379d24d0f0d/2.0.03/en-US/e00eadf291424e49935b460d2f2b3902.html

https://blogs.sap.com/2020/04/03/sap-application-router/

https://developers.sap.com/tutorials/cp-connectivity-consume-odata-service-approuter.html

https://blogs.sap.com/2020/05/12/set-up-cap-application-behind-sap-webdispatcher/

 

2 Comments
You must be Logged on to comment or reply to a post.