Technical Articles

July 8, 2020 2 minute read

How To Update XSUAA Service Instance to Accept Multiple Redirect URIs

Introduction

Fastest way to develop UI5 applications is for sure on local machine. In that case the XSUAA cloud instance may be used by starting a local approuter on localhost:5000 by default. This configuration is made via the default-services.json file that is auto-read by approuter on start and expands the VCAP_SERVICES which of course is found only on Cloud Foundry landscape or is set with a manual enviroment variable.

For local development, when using an existing SAP Cloud Platform XSUAA service instance, the localhost domain is not accepted by default as a valid redirect uri. For security reasons we need to add explicit permission to xsuaa for redirection after a successful login to a localhost url used for local development. (or other uri)

The error displayed after login on the xsuaa page is :

Invalid redirect <url> did not match one of the registered values

Approuter & XSUAA

Approuter is the entry point for multi target applications that need authorization and have multiple modules (ui, backend) that need to scale and reuse the same OAuth2 token. The whole process of token check and client credentials flow to retrive the token in the UI application is handled by the approuter.

More details on npmjs @sap/approuter

The configuration for routes of the approuter is done via the xs-app.json file.

The xs-security.json file is specific to the xsuaa instance !

Once deployed the instance configuration may be updated.

The `xs-security.json` file

Tipical xs-security.json file looks like this :

More details may be found in the help page

{
    "xsappname": "node-hello-world",
    "scopes": [
      	{
            "name": "$XSAPPNAME.Display",
            "description": "display"
        },
        {
            "name": "$XSAPPNAME.Edit",
            "description": "edit"
        },
        {
            "name": "$XSAPPNAME.Delete",
            "description": "delete"
        }
    ],
    "attributes": [
      	{
            "name": "Country",
            "description": "Country",
            "valueType": "string"
        },
        {
            "name": "CostCenter",
            "description": "CostCenter",
            "valueType": "int"
        }
    ],
    "role-templates": [
      	{
            "name": "Viewer",
            "description": "View all books",
            "scope-references": [
                "$XSAPPNAME.Display"
            ],
            "attribute-references": ["Country"]
        },
        {
            "name": "Editor",
            "description": "Edit, delete books",
            "scope-references": [
                "$XSAPPNAME.Edit",
                "$XSAPPNAME.Delete"
            ],
            "attribute-references": [
                "Country",
                "CostCenter"
            ]
        }
    ]
}

Create a service instance

First check the xsuaa plans available

cf marketplace -s xsuaa

For example purposes I will use the application plan

cf create-service xsuaa application myappxsuaa -c xs-security.json

Update the `xs-security.json` file

{
    "xsappname": "node-hello-world",
    "scopes": [
      	{
            "name": "$XSAPPNAME.Display",
            "description": "display"
        },
        {
            "name": "$XSAPPNAME.Edit",
            "description": "edit"
        },
        {
            "name": "$XSAPPNAME.Delete",
            "description": "delete"
        }
    ],
    "attributes": [
      	{
            "name": "Country",
            "description": "Country",
            "valueType": "string"
        },
        {
            "name": "CostCenter",
            "description": "CostCenter",
            "valueType": "int"
        }
    ],
    "role-templates": [
      	{
            "name": "Viewer",
            "description": "View all books",
            "scope-references": [
                "$XSAPPNAME.Display"
            ],
            "attribute-references": ["Country"]
        },
        {
            "name": "Editor",
            "description": "Edit, delete books",
            "scope-references": [
                "$XSAPPNAME.Edit",
                "$XSAPPNAME.Delete"
            ],
            "attribute-references": [
                "Country",
                "CostCenter"
            ]
        }
    ],
    "oauth2-configuration": {
        "redirect-uris": [
            "https://www.myappurl.com/login/callback",
            "http://localhost:5000/login/callback"
        ]
    }
}

Update the service instance

Run the update command :

cf update-service myappxsuaa -p application -c xs-security.json

Conclusions

This article is based on personal experience.

This is a short summary of the the documentation files regarding xsuaa and approuter use.

Tested with SAP Cloud Platform Trial – Cloud Foundry Environment

Reference & Credits :

https://help.sap.com/viewer/4505d0bdaf4948449b7f7379d24d0f0d/2.0.03/en-US/e00eadf291424e49935b460d2f2b3902.html

https://blogs.sap.com/2020/04/03/sap-application-router/

https://developers.sap.com/tutorials/cp-connectivity-consume-odata-service-approuter.html

https://blogs.sap.com/2020/05/12/set-up-cap-application-behind-sap-webdispatcher/

3 Comments

You must be Logged on to comment or reply to a post.

Mike Doyle

July 9, 2020 at 12:38 pm

Thanks Radu Constantin Simen this blog was really useful. One question, when you say

The configuration for routes of the approuter is done via the neo-app.json file.

Don't you mean xs-app.json?

Radu Constantin Simen

Blog Post Author

July 10, 2020 at 9:19 am

You're right Mike : it's name is xs-app.json in the new versions of approuter.

Syed Abdul Imran

July 1, 2021 at 4:42 am

Thank Radu,

you saved my day