search

SAP / cloud-sdk-java

Use the SAP Cloud SDK for Java to reduce development effort when building applications on SAP Business Technology Platform that communicate with SAP solutions and services such as SAP S/4HANA Cloud, SAP SuccessFactors, and many others.
Apache License 2.0
21 stars 9 forks source link

Missing replacement for ScpCfAuthTokenFacade when upgrade from version4 to version5 #468

Closed sap-real-estate closed 1 month ago

sap-real-estate commented 1 month ago

As mentioned in https://github.wdf.sap.corp/MA/sdk/issues/8763, we are current migrating from v4 to v5, however in v4 we were extending ScpCfAuthTokenFacade class, however when I unfolded section from your migration guide, there is no description about whether they are removed or replaced.

sap-real-estate commented 1 month ago

One other class LocalScopePrefixProvider, in your documentation it says for this class there is no replacement, what does it mean? It means we should not use it anymore?

newtork commented 1 month ago

in v4 we were extending ScpCfAuthTokenFacade class

We don't have this documented, likely because this is some special overloading/customization of base-classes. Although it is a public, non-final, unsealed class - usually you would implement an interface instead of extending a platform-specific base-class.

You could use DefaultAuthTokenFacade instead. We migrated the remaining code to this new class. All logic to ensure token validation was dropped.

One other class LocalScopePrefixProvider, in your documentation it says for this class there is no replacement, what does it mean?

SAP Cloud SDK no longer validates auth tokens from incoming web requests. Therefore any logic to parse the token is no longer available. However since AuthToken#getJwt() returns a DecodedJWT, you can easily extract any data provided.

It means we should not use it anymore?

If you used the API before to extract scope information from the provided JWT, then yes you need to change your code and extract it yourself.