Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Send JWT Bearer token in Authorization when consuming services #53

Open
gregorwolf opened this issue Mar 16, 2020 · 3 comments
Open

Send JWT Bearer token in Authorization when consuming services #53

gregorwolf opened this issue Mar 16, 2020 · 3 comments

Comments

@gregorwolf
Copy link
Contributor

Hello CAP Team,

in my sample project controller-api I try to consume the SAP HANA XSA Controller REST API with CAP. @jung-thomas has described how to access the API in the blogpost SAP HANA XSA Controller API Interaction. There you find also his GitHub project: controllerAPI and links to the API documentation.

In my project I've tried several approaches to get to the goal. First I've tried my luck with the approach documented in Consuming Services - Sending Requests:

      const controllerAPI = cds.connect.to('controller-config')
      console.log("JWT: " + req.attr.token)
      const tx = controllerAPI.transaction(req)
      response = await tx.get('/v2/users')

as the API endpoint expects authentication with a JWT sent in the Authorization header as a Bearer token as this header isn't sent.

My next try was the executeHttpRequest method of the SAP Cloud SDK for JavaScript that @sacnl described in the post New Versions of SAP Cloud SDK: 2.19.1 for Java, 1.6.1 for JavaScript, and v22 of Continuous Delivery Toolkit:

      const destinationNameAndJwt = { destinationName: 'controller-config', jwt: req.attr.token};
      const httpRequest = {
          method: HttpMethod.GET,
          url: "/v2/users"
      };
      response = await executeHttpRequest(destinationNameAndJwt, httpRequest)

But also here the JWT wasn't sent to the backend. So I finally used:

      const destinationNameAndJwt = { destinationName: 'controller-config', jwt: req.attr.token};
      const httpRequest = {
        method: HttpMethod.GET,
        url: "/v2/users"
      };

      var config = await addDestinationToRequestConfig(destinationNameAndJwt, httpRequest)
      // Providing the destinationNameAndJwt does not have the effect to send the token so we add it manually
      config.headers = {"Authorization": "Bearer " + req.attr.token}
      response = await axios(config)

where I manually add the token to the Authorization header.

I hope the handling of service requests that don't use basic authentication will be improved.

Best regards
Gregor
@yevgentrukhin
Copy link

Was this fixed?

@HeneryHawk
Copy link

Hi @gregorwolf
did you get your first example working?

      const controllerAPI = cds.connect.to('controller-config')
      console.log("JWT: " + req.attr.token)
      const tx = controllerAPI.transaction(req)
      response = await tx.get('/v2/users')

Did you manage to get the JWT passed to the external service?

Regards
Simon

@sreehari-pillai-atom
Copy link

Hi @gregorwolf did you get your first example working?

      const controllerAPI = cds.connect.to('controller-config')
      console.log("JWT: " + req.attr.token)
      const tx = controllerAPI.transaction(req)
      response = await tx.get('/v2/users')

Did you manage to get the JWT passed to the external service?

Regards Simon

I was trying the same and stuck at the same point. Any luck ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gregorwolf @yevgentrukhin @HeneryHawk @sreehari-pillai-atom