SAP CAP JWT Token Flow in code
Objective – To understand when the JWT token is generated and how it reaches the req object in the CAP service (req.headers.authorization).
XSUAA is responsible for authentication and for issuing the JWT token; Approuter is what forwards that token to the service. Once the user has authenticated with XSUAA through Approuter, Approuter passes the JWT token on to the OData service.
Assumption – The audience has a basic understanding of SAP BTP and Cloud Foundry.
Following are the basic components used:

| Component | Usage |
|---|---|
| OData Service | Prints the JWT token |
| XSUAA | Generates the JWT token |
| Approuter | Reads the JWT token and passes it to the OData service |

URL: https://github.com/Sandeep-Malhotra/cap-test-jwt
The following branches are provided to show the role of XSUAA and Approuter step by step:

| Branch Name | Purpose |
|---|---|
| without-uaa | App without XSUAA service |
| with-uaa | App with XSUAA service but without Approuter |
| with-approuter | App with XSUAA service and Approuter |
Steps

- Create a directory

```shell
mkdir cap-test-jwt
```

- Create the project inside the directory

```shell
cds init
```

- Create a service in the service folder, along with its handler. Only a function import is added to the service; it returns the JWT token as a string.

```cds
@path: '/test'
service TestService {
  function getJWTToken() returns String;
};
```

```javascript
const cds = require('@sap/cds');

module.exports = async function () {
  this.on('getJWTToken', async (req) => {
    // The Authorization header is only populated once the Approuter module
    // and the XSUAA service are in place: Approuter authenticates the user
    // against XSUAA and forwards the resulting JWT token to this service.
    let sToken = '';
    if (req.headers.authorization) {
      sToken = req.headers.authorization;
    }
    return sToken;
  });
};
```
- Deploy the service to Cloud Foundry by running the deploy script defined in package.json

```shell
npm run deploy
```

- Run the service

```
/test/getJWTToken()
```

So far neither the XSUAA service nor Approuter has been added, so req.headers.authorization is undefined.

- Add the XSUAA service

```shell
cds add xsuaa
```

- Run the service after deployment (refer to the deployment and run steps described previously)

The XSUAA service is now added but Approuter is still missing, so req.headers.authorization is again undefined: nothing forwards a token to the service yet.

- Add Approuter

```shell
cds add approuter
```

- Run the service through the Approuter URL after deployment (refer to the deployment and run steps described previously)

Once Approuter is in place, req.headers.authorization contains the JWT token.
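The handler above echoes the raw Authorization header back to the caller, which is convenient for the experiment but places a live credential in a response body. The following added example (not code from the cap-test-jwt repository) shows how a handler can instead inspect the token it receives: it decodes the header and payload segments, reports the claims a developer needs to confirm the flow (issuer, audience, user name, zone, expiry) and handles the undefined header seen on the without-uaa and with-uaa branches. The function names, the sample claims and the token are constructed for this demo; the decoding deliberately does not verify the signature, which is the job of CAP's authentication middleware (auth kind xsuaa), not of this inspection code.

```javascript
// Added example, not from the cap-test-jwt repository. Inspects the bearer
// token Approuter forwards in req.headers.authorization instead of echoing it.
// Function names, sample claims and the token are constructed for this demo.

// Encode a JSON object as one base64url JWT segment (no padding).
function encodeSegment(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8')
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// Decode one base64url JWT segment back into a JSON object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

// Summarize the Authorization header as a CAP handler sees it.
// NOTE: this only decodes; it does not verify the signature. Verification is
// done by CAP's authentication middleware (auth kind xsuaa) before the handler
// runs, so this summary is for confirming the flow, not for making decisions.
function summarizeAuthorization(authorization) {
  if (!authorization) {
    // without-uaa and with-uaa branches: nothing forwards a token
    return { present: false, reason: 'no Authorization header' };
  }
  const [scheme, token, ...rest] = authorization.split(' ');
  if (!/^bearer$/i.test(scheme) || !token || rest.length > 0) {
    return { present: false, reason: 'not a Bearer token' };
  }
  const parts = token.split('.');
  if (parts.length !== 3) {
    return { present: false, reason: 'malformed JWT' };
  }
  let header;
  let payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return { present: false, reason: 'undecodable JWT segment' };
  }
  const nowSeconds = Math.floor(Date.now() / 1000);
  return {
    present: true,
    alg: header.alg,
    issuer: payload.iss,
    audience: payload.aud,
    userName: payload.user_name, // XSUAA carries the login name in this claim
    zone: payload.zid,           // XSUAA subaccount (zone) id claim
    scopes: payload.scope || [],
    expired: typeof payload.exp === 'number' && payload.exp <= nowSeconds,
  };
}

// Service implementation in the same shape as the page's handler (hypothetical
// name; the page exports an anonymous function). Returns the summary instead
// of the raw credential.
function testServiceImpl() {
  this.on('getJWTToken', (req) =>
    JSON.stringify(summarizeAuthorization(req.headers.authorization)));
}

// Constructed sample: the claim names match what XSUAA issues, the values are
// placeholders and the signature segment is a dummy string.
const SAMPLE_PAYLOAD = {
  iss: 'https://subaccount-placeholder.authentication.example/oauth/token',
  aud: ['cap-test-jwt!t0'],
  user_name: 'demo.user',
  zid: 'zone-placeholder',
  scope: ['openid'],
  exp: 4102444800, // 2100-01-01, so the sample is not expired
};
const SAMPLE_AUTHORIZATION = 'Bearer ' + [
  encodeSegment({ alg: 'RS256', typ: 'JWT' }),
  encodeSegment(SAMPLE_PAYLOAD),
  'signature-placeholder',
].join('.');

// Show both cases the page walks through: header missing, then header present.
console.log(JSON.stringify(summarizeAuthorization(undefined)));
console.log(JSON.stringify(summarizeAuthorization(SAMPLE_AUTHORIZATION), null, 2));
```

The summary is what you want in the response body while checking the branches: on without-uaa and with-uaa it reports that no header arrived, on with-approuter it shows the claims, and the token itself never leaves the service.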
Last but not least, the code can also run locally by creating a default-env.json file from the deployed service's environment:

```shell
cf de cap-test-jwt-srv
```

In the app folder, copy the same default-env.json but add a destination as the top-most property so that Approuter routes calls to the locally running service:

```json
"destinations": [
  {
    "name": "srv-api",
    "url": "http://localhost:4004",
    "forwardAuthToken": true
  }
],
```