Introduction
The fastest way to develop UI5 applications is on a local machine. In that case a cloud XSUAA instance can still be used by starting a local approuter, which listens on localhost:5000 by default. This is configured through the default-services.json file, which approuter reads automatically on start and uses to fill in VCAP_SERVICES, a variable that otherwise exists only on the Cloud Foundry landscape or has to be set manually as an environment variable.
For local development against an existing SAP Cloud Platform XSUAA service instance, the localhost domain is not accepted by default as a valid redirect URI. For security reasons, xsuaa must be given explicit permission to redirect, after a successful login, to the localhost URL used for local development (or to any other URI).
The error displayed on the xsuaa page after login is:
Invalid redirect <url> did not match one of the registered values
Approuter & XSUAA
Approuter is the entry point for multi-target applications that need authorization and have multiple modules (UI, backend) that need to scale and reuse the same OAuth2 token. The whole process of checking the token and running the client credentials flow to retrieve the token for the UI application is handled by the approuter.
More details on npmjs @sap/approuter
The routes of the approuter are configured via the xs-app.json file.
The xs-security.json file is specific to the xsuaa instance!
Once deployed, the instance configuration may be updated.
The xs-security.json file
A typical xs-security.json file looks like this (more details may be found in the help page):
{
  "xsappname": "node-hello-world",
  "scopes": [
    {
      "name": "$XSAPPNAME.Display",
      "description": "display"
    },
    {
      "name": "$XSAPPNAME.Edit",
      "description": "edit"
    },
    {
      "name": "$XSAPPNAME.Delete",
      "description": "delete"
    }
  ],
  "attributes": [
    {
      "name": "Country",
      "description": "Country",
      "valueType": "string"
    },
    {
      "name": "CostCenter",
      "description": "CostCenter",
      "valueType": "int"
    }
  ],
  "role-templates": [
    {
      "name": "Viewer",
      "description": "View all books",
      "scope-references": [
        "$XSAPPNAME.Display"
      ],
      "attribute-references": ["Country"]
    },
    {
      "name": "Editor",
      "description": "Edit, delete books",
      "scope-references": [
        "$XSAPPNAME.Edit",
        "$XSAPPNAME.Delete"
      ],
      "attribute-references": [
        "Country",
        "CostCenter"
      ]
    }
  ]
}
Create a service instance
First check the available xsuaa plans:
cf marketplace -s xsuaa
For example purposes I will use the application plan:
cf create-service xsuaa application myappxsuaa -c xs-security.json
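Update the xs-security.json file
Add an oauth2-configuration section that lists the allowed redirect-uris, including the localhost callback: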
{
  "xsappname": "node-hello-world",
  "scopes": [
    {
      "name": "$XSAPPNAME.Display",
      "description": "display"
    },
    {
      "name": "$XSAPPNAME.Edit",
      "description": "edit"
    },
    {
      "name": "$XSAPPNAME.Delete",
      "description": "delete"
    }
  ],
  "attributes": [
    {
      "name": "Country",
      "description": "Country",
      "valueType": "string"
    },
    {
      "name": "CostCenter",
      "description": "CostCenter",
      "valueType": "int"
    }
  ],
  "role-templates": [
    {
      "name": "Viewer",
      "description": "View all books",
      "scope-references": [
        "$XSAPPNAME.Display"
      ],
      "attribute-references": ["Country"]
    },
    {
      "name": "Editor",
      "description": "Edit, delete books",
      "scope-references": [
        "$XSAPPNAME.Edit",
        "$XSAPPNAME.Delete"
      ],
      "attribute-references": [
        "Country",
        "CostCenter"
      ]
    }
  ],
  "oauth2-configuration": {
    "redirect-uris": [
      "https://www.myappurl.com/login/callback",
      "http://localhost:5000/login/callback"
    ]
  }
}
Update the service instance
Log in to CF and choose the org and space where you created the instance.
Run the update command:
cf update-service myappxsuaa -p application -c xs-security.json
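Before pushing the updated file, the redirect-uris list can be reviewed automatically. The Node.js check below is an added example, not part of the original article or of SAP tooling; the function name auditRedirectUris, its levels and messages, and the last two sample URIs are assumptions made for illustration.

```javascript
// Added example: lint "redirect-uris" before `cf update-service`.
// Levels and messages are this example's own rules, not XSUAA output.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

function auditRedirectUris(config) {
  const uris = (config["oauth2-configuration"] || {})["redirect-uris"] || [];
  const findings = [];
  const add = (uri, level, msg) => findings.push({ uri, level, msg });
  if (uris.length === 0) {
    add(null, "info", "no redirect-uris: a localhost callback will be rejected");
  }
  for (const uri of uris) {
    let url;
    try {
      // "*" is swapped for a letter only so that a pattern parses as a URL.
      url = new URL(String(uri).replace(/\*/g, "x"));
    } catch (err) {
      add(uri, "error", "not an absolute URI");
      continue;
    }
    const loopback = LOOPBACK.has(url.hostname);
    if (url.protocol !== "https:" && !loopback) {
      add(uri, "error", "non-https callback to a non-loopback host");
    }
    if (String(uri).includes("*")) {
      add(uri, "warn", "wildcard pattern: prefer the exact callback URL");
    }
    if (loopback) {
      add(uri, "info", "local development entry: keep out of production instances");
    }
  }
  return findings;
}

// Sample: the article's two URIs plus two constructed entries (last two).
const sample = {
  "oauth2-configuration": {
    "redirect-uris": [
      "https://www.myappurl.com/login/callback",
      "http://localhost:5000/login/callback",
      "http://www.myappurl.com/login/callback",
      "https://*.example.com/**"
    ]
  }
};

for (const f of auditRedirectUris(sample)) {
  console.log(`${f.level.toUpperCase()}  ${f.uri}  ${f.msg}`);
}
```

In a real run, pass the parsed contents of xs-security.json instead of the sample object and stop the update when any finding has level "error".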
Conclusions
This article is based on personal experience.
This is a short summary of the documentation files regarding xsuaa and approuter use.
Tested with SAP Cloud Platform Trial – Cloud Foundry Environment
Thanks Radu Constantin Simen this blog was really useful. One question, when you say
Don't you mean xs-app.json?
You're right Mike: its name is xs-app.json in the new versions of approuter.