SAP / cloud-sdk-js

Use the SAP Cloud SDK for JavaScript / TypeScript to reduce development effort when building applications on SAP Business Technology Platform that communicate with SAP solutions and services such as SAP S/4HANA Cloud, SAP SuccessFactors, and many others.
Apache License 2.0

Why is Cloud-sdk ignoring the HTML5.ForwardAuthToken property with a NoAuthentication destination definition? #3634

Closed ptesny closed 1 year ago

ptesny commented 1 year ago

That's a sibling issue to the one already reported here.

The context: using a NoAuthentication destination definition with the HTML5.ForwardAuthToken property set to true is a "classic" with SAP Approuter. For instance, let's consider the following definition:

          - Name: poster-instance
            Description: poster-instance (instance level destination)
            URL: https://poster.mydomain.com
            Type: HTTP
            ProxyType: Internet
            Authentication: NoAuthentication

            HTML5.ForwardAuthToken: "true"
            HTML5.DynamicDestination: "true"

When used with SAP Approuter in a route, the Approuter will read the value of HTML5.ForwardAuthToken and, if it is true, it will forward the current user JWT token to the business URL in the destination definition in the authorization header.


data:
  xs-app.json: |-
    {
      "welcomeFile": "index.html",
      "authenticationMethod": "route",
      "routes": [
        {
          "source": "^/poster-fr/(.*)$",
          "target": "$1",
          "authenticationType": "xsuaa",
          "scope": "openid",
          "destination": "poster-instance"
        },
        {
          "source": "/(.*)",
          "authenticationType": "xsuaa",
          "scope": "$XSAPPNAME.User",
          "localDir": "resources"
        }
      ]
    }

However, cloud-sdk simply ignores the HTML5.ForwardAuthToken property, and if the above destination is used in a call to executeHttpRequest, that will result in a 401 error.

Is it by design?

deekshas8 commented 1 year ago

Hi @ptesny ,

The SDK currently does not support the HTML5.ForwardAuthToken property. We will create a backlog item for this feature request. I cannot promise when this can be done.

Could you please share your timeline for the request? Is it a blocker for you?

Regards, Deeksha

ptesny commented 1 year ago

Hi @deekshas8, thanks for confirming my findings. Re the timeline question: it is not that much about whether this is a blocker or not; it is about having a consistent behaviour across SAP libraries.

On a side note, if the BTP destination service documentation implied that when having this property the OAuth token is supposed to be sent to the target, then I'd rather qualify it as a bug... my 2 cents

ptesny commented 1 year ago

@deekshas8, any news on when this is going to be fixed?

marikaner commented 1 year ago

Hey @ptesny, I am glad to let you know that we have implemented the token forwarding for all kinds of destinations now. You will find some more detailed documentation here soon: https://sap.github.io/cloud-sdk/docs/js/features/connectivity/destinations#forwarding-auth-tokens. (For a preview you can take a look at this pull request.) You can use both forwardAuthToken and HTML5.ForwardAuthToken to activate this behavior.
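
The forwarding rule discussed in this thread, as an added example that is not code from the issue, the SDK or Approuter: a destination carrying `forwardAuthToken` or `HTML5.ForwardAuthToken` gets the caller's JWT in the authorization header, and any other NoAuthentication destination gets no credentials. The function names, the HTTPS-only check, the `Bearer` scheme, `plain-instance` and the placeholder token are assumptions of this example.

```javascript
// Added example. Destination objects mirror the YAML in the issue; values are constructed.
const FORWARD_KEYS = ['forwardAuthToken', 'HTML5.ForwardAuthToken'];

// Destination properties arrive as strings ("true"); accept a boolean as well.
function wantsTokenForwarding(destination) {
  return FORWARD_KEYS.some(key => String(destination[key]).toLowerCase() === 'true');
}

// Headers to attach to the outbound call for one user request.
function buildRequestHeaders(destination, userJwt) {
  if (!wantsTokenForwarding(destination)) {
    return {}; // NoAuthentication and no forwarding: the target sees no credentials
  }
  if (typeof userJwt !== 'string' || userJwt.split('.').length !== 3) {
    throw new Error(`${destination.Name}: forwarding is on but no user JWT was supplied`);
  }
  // Assumption of this example: a user token is never sent over plain HTTP.
  if (new URL(destination.URL).protocol !== 'https:') {
    throw new Error(`${destination.Name}: refusing to forward a token to a non-HTTPS URL`);
  }
  return { authorization: `Bearer ${userJwt}` }; // Bearer scheme assumed
}

// Review helper: which targets will receive user tokens?
function destinationsReceivingUserTokens(destinations) {
  return destinations.filter(wantsTokenForwarding).map(d => `${d.Name} -> ${d.URL}`);
}

// Constructed sample data; the first entry copies the destination from the issue.
const posterInstance = {
  Name: 'poster-instance',
  URL: 'https://poster.mydomain.com',
  Type: 'HTTP',
  ProxyType: 'Internet',
  Authentication: 'NoAuthentication',
  'HTML5.ForwardAuthToken': 'true',
  'HTML5.DynamicDestination': 'true'
};
const plainDestination = {
  Name: 'plain-instance', // hypothetical destination without the property
  URL: 'https://plain.example.com',
  Authentication: 'NoAuthentication'
};
const CONSTRUCTED_JWT = 'header.payload.signature'; // placeholder, not a real token

console.log(buildRequestHeaders(posterInstance, CONSTRUCTED_JWT));
console.log(buildRequestHeaders(plainDestination, CONSTRUCTED_JWT));
console.log(destinationsReceivingUserTokens([posterInstance, plainDestination]));
```

Running `destinationsReceivingUserTokens` over an exported destination list gives reviewers the set of backends that will see end-user tokens.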