Technology Blogs by SAP
former_member681427

In the SAP BTP world, XSUAA always plays a critical role in the solution. Many developers are confused about how to get and parse the JWT token when the user comes from IAS. This blog post gives you an easy approach. Many blog posts describe getting the JWT token with the default IdP; solutions for a subaccount bound to your own IAS tenant are seldom covered.



Prerequisites


I will not take time to explain the key terms: Postman, XSUAA, JWT token, SAML2 response, etc. Let's go straight to the steps.




  • Configure the IAS tenant with the subaccount
    Set up the trust configuration between your subaccount and the IAS tenant.

  • Install Postman
    Make sure Postman is installed on your desktop, preferably upgraded to a recent version.

  • Prepare your own BTP application
    Create the xs-security.json file and bind the XSUAA service instance in the MTA.yaml. Do not deploy it to the CF runtime yet.


Register Postman as an SP client in XSUAA


Navigate to your project folder and open the file xs-security.json. Add the entry "https://oauth.pstmn.io/v1/callback" to the redirect-uris list. This step is mandatory: XSUAA will not call back a client that is not registered in XSUAA.




{
  "xsappname": "vendor-dev",
  "tenant-mode": "dedicated",
  "scopes": [
    {
      "name": "$XSAPPNAME.Supplier",
      "description": "Supplier"
    }
  ],
  "attributes": [ ],
  "role-templates": [
    ...
  ],
  "oauth2-configuration": {
    "redirect-uris": [
      "https://*.btpdemo.cn40.apps.platform.sapcloud.cn/**",
      "https://oauth.pstmn.io/v1/callback"
    ]
  }
}


Deploy the BTP application to Cloud Foundry runtime


After registering Postman as a client, complete the application deployment. Test that a business user can log on to the application with an IAS tenant user.



Initiate the POST request in Postman


Define a new POST request that points to your application. Navigate to the Authorization tab and select OAuth 2.0.


Get the required client ID, client secret and OAuth token URL from the service key of the XSUAA service instance.

| Label | Value | Comments |
|---|---|---|
| Token Name | Define your own token name | |
| Grant Type | Authorization Code | |
| Callback URL | https://oauth.pstmn.io/v1/callback | Keep "Authorize using browser" selected; the URL is then filled in automatically. |
| Auth URL | https://<oauth_url>/oauth/authorize | This URL can be found in the service key of the XSUAA service instance bound to your application. Make sure to add the suffix /oauth/authorize. |
| Access Token URL | https://<oauth_url>/oauth/token | This URL can be found in the service key of the XSUAA service instance bound to your application. Make sure to add the suffix /oauth/token. |
| Client ID | sb-vendor-dev!t1333 | This value can be found in the service key of the XSUAA service instance bound to your application. |
| Client Secret | <client secret> | This value can be found in the service key of the XSUAA service instance bound to your application. |
| Scope | keep it empty | |
| State | keep it empty | |
| Client Authentication | Send as Basic Auth header | |

Get the JWT token


Click the button Get New Access Token. Postman opens the browser and asks you to log on.
Select the IAS tenant logon and enter your business user credentials to complete the logon process. Then click the button Open Postman.


Navigate to the Postman window and select Proceed.

Then select Use token.


We now have the JWT token. Copy it to jwt.io to parse it, and you will be able to read the content of the JWT token in plain text.
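
The token can also be decoded locally, which keeps a live access token on your own machine. The following Node.js script is an added example, not part of the original post: it decodes the header and payload and checks the Supplier scope and the expiry, without verifying the signature. The claim names (user_name, origin, client_id, scope, exp), the scope format vendor-dev!t1333.Supplier and the sample token are assumptions constructed for illustration.

```javascript
// Added example, not from the original post: inspect an XSUAA access token offline.
// Claim names (user_name, origin, client_id, scope, exp) are assumed from the UAA token layout.

// Decode one base64url segment of a compact JWT into an object.
function decodeSegment(segment, name) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error(`JWT ${name} is not base64url`);
  try {
    return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
  } catch (err) {
    throw new Error(`JWT ${name} is not valid JSON`);
  }
}

// Split the token and decode header and payload. The signature is NOT verified here.
function decodeJwt(token) {
  const parts = String(token).trim().replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error(`expected 3 JWT segments, got ${parts.length}`);
  return { header: decodeSegment(parts[0], 'header'), payload: decodeSegment(parts[1], 'payload') };
}

// Summarise the claims worth checking after the Postman logon.
function summarizeToken(token, expectedScope, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { header, payload } = decodeJwt(token);
  const scopes = Array.isArray(payload.scope) ? payload.scope : [];
  const exp = Number(payload.exp);
  return {
    alg: header.alg,
    user: payload.user_name,
    origin: payload.origin, // identity provider the user logged on with
    clientId: payload.client_id,
    hasScope: scopes.includes(expectedScope),
    secondsLeft: exp - nowSeconds,
    expired: !(exp > nowSeconds), // a missing or non-numeric exp counts as expired
  };
}

// Constructed sample token with a placeholder signature, so the example runs offline.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleToken = [
  b64({ alg: 'RS256', typ: 'JWT' }),
  b64({ user_name: 'supplier.user@example.com', origin: 'constructed-ias-origin',
        client_id: 'sb-vendor-dev!t1333', exp: 1700003600,
        scope: ['openid', 'vendor-dev!t1333.Supplier'] }), // assumed scope format
  'constructed-signature',
].join('.');

console.log(summarizeToken(sampleToken, 'vendor-dev!t1333.Supplier', 1700000000));
```

To inspect the token obtained in Postman, pass the copied token string to summarizeToken in place of sampleToken and omit the third argument so the current time is used.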