In the SAP BTP world, XSUAA always plays a critical role in the solution. Many developers are confused about how to parse the JWT token that comes from IAS. This blog post gives you an easy approach to resolve it. Many blog posts describe how to get the JWT token with the default IdP. Nevertheless, solutions that bind your own IAS tenant are seldom covered.
I will not take time to explain the key terms: Postman, XSUAA, JWT token, SAML2 response, etc. Let's go straight to it.
Navigate to your project folder and open the file xs-security.json. Add the entry "https://oauth.pstmn.io/v1/callback" to the redirect-uris section. This step is mandatory: XSUAA will not call back the client if it is not registered in XSUAA.
```json
{
  "xsappname": "vendor-dev",
  "tenant-mode": "dedicated",
  "scopes": [
    {
      "name": "$XSAPPNAME.Supplier",
      "description": "Supplier"
    }
  ],
  "attributes": [ ],
  "role-templates": [
    ...
  ],
  "oauth2-configuration": {
    "redirect-uris": [
      "https://*.btpdemo.cn40.apps.platform.sapcloud.cn/**",
      "https://oauth.pstmn.io/v1/callback"
    ]
  }
}
```
After registering the Postman client, finish the application deployment. Test that a business user can log on to the application with an IAS tenant user.
Define a new POST request that points to your application. Navigate to the Authorization tab and select OAuth 2.0.
Get the required client ID, client secret and OAuth token URL from the service key of the XSUAA service instance.
Label | Value | Comments |
---|---|---|
Token Name | Define your own token name | |
Grant Type | Authorization Code | |
Callback URL | https://oauth.pstmn.io/v1/callback | Keep "Authorize using browser" selected; the URL is then filled in automatically. |
Auth URL | https://<oauth_url>/oauth/authorize | This URL can be found in the service key of the XSUAA service instance that is bound to your application. Make sure to add the suffix /oauth/authorize |
Access Token URL | https://<oauth_url>/oauth/token | This URL can be found in the service key of the XSUAA service instance that is bound to your application. Make sure to add the suffix /oauth/token |
Client ID | sb-vendor-dev!t1333 | This value can be found in the service key of the XSUAA service instance that is bound to your application. |
Client Secret | <client secret> | This value can be found in the service key of the XSUAA service instance that is bound to your application. |
Scope | keep it empty | |
State | keep it empty | |
Client Authentication | Send as Basic Auth header | |
Click the Get New Access Token button. Postman opens the browser and asks you to log on.
Select the IAS tenant logon and enter your business user credentials to complete the logon process. Click the Open Postman button.
Navigate to the Postman window and select Proceed.
Then select Use token.
We now have the JWT token. Copy it to jwt.io to parse it, and you will be able to read the JWT token in plain text.
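The same decoding can be done locally, so the bearer token never has to leave your machine. The following is an added example, not code from the original post: it decodes the header and payload without verifying the signature and reports the claims worth checking after an IAS logon. The claim names `user_name`, `origin`, `scope` and `exp`, the value `sap.default` for the default IdP, and the sample token itself are assumptions constructed for illustration.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token):
    """Decode header and payload locally. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated segments")
    return {"header": json.loads(b64url_decode(parts[0])),
            "payload": json.loads(b64url_decode(parts[1]))}


def summarize(token, now=None):
    """Pull out the claims worth checking after a logon through a custom IdP."""
    payload = decode_jwt(token)["payload"]
    now = time.time() if now is None else now
    return {
        "user": payload.get("user_name"),
        "origin": payload.get("origin"),
        # Assumption: XSUAA marks default-IdP logons with origin "sap.default".
        "from_default_idp": payload.get("origin") == "sap.default",
        "scopes": payload.get("scope", []),
        "expired": payload.get("exp", 0) <= now,
    }


def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token (not a real XSUAA token; the signature is a dummy string).
SAMPLE = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"user_name": "supplier.user@example.com", "origin": "sap.custom",
             "scope": ["vendor-dev!t1333.Supplier", "openid"], "exp": 2000000000}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

Replace `SAMPLE` with the token Postman shows after Use token. Because the signature is not checked, this is for inspection only and not a substitute for validation in the application.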