search

SAP / cloud-sdk-js

Use the SAP Cloud SDK for JavaScript / TypeScript to reduce development effort when building applications on SAP Business Technology Platform that communicate with SAP solutions and services such as SAP S/4HANA Cloud, SAP SuccessFactors, and many others.
Apache License 2.0
162 stars 56 forks source link

Why do I still need to have xsuaa dependancy for the SDK when using identity service (no xsuaa) in my application ? #4731

Open ptesny opened 4 months ago

ptesny commented 4 months ago

Why do I still need to have xsuaa dependancy for the SDK when using identity service (no xsuaa) in my application ?

Error: Could not find binding to the XSUAA service.

Worth saying, the same destination is working fine with approuter configured with ias service only

PS. cloud sdk call stack

2024-06-03T16:32:28.335063727Z [2024-06-03T16:32:28.334Z] DEBUG    (env-destination-accessor): Attempting to retrieve destination from environment variable.
2024-06-03T16:32:28.335190480Z [2024-06-03T16:32:28.335Z] DEBUG    (env-destination-accessor): No environment variable set.
2024-06-03T16:32:28.342651818Z [2024-06-03T16:32:28.342Z] DEBUG    (environment-accessor): Could not find binding to service 'xsuaa', that includes credentials.
2024-06-03T16:32:28.342751192Z [2024-06-03T16:32:28.342Z] ERROR    (register-destination): Could neither determine tenant from JWT nor service binding to XSUAA, although a JWT was passed. Destination will be registered without tenant information.
2024-06-03T16:32:28.343076697Z [2024-06-03T16:32:28.342Z] DEBUG    (jwt): JWT user_id is: undefined.
2024-06-03T16:32:28.343196725Z [2024-06-03T16:32:28.343Z] DEBUG    (jwt): JWT zid is: tenant_id.
2024-06-03T16:32:28.343318321Z [2024-06-03T16:32:28.343Z] DEBUG    (register-destination): Could not retrieve 'saas-sm' from registered destinations.
2024-06-03T16:32:28.343445520Z [2024-06-03T16:32:28.343Z] DEBUG    (destination-accessor-vcap): Attempting to retrieve destination from service binding.
2024-06-03T16:32:28.368568731Z [2024-06-03T16:32:28.368Z] DEBUG    (environment-accessor): Could not find binding to service 'xsuaa', that includes credentials.
2024-06-03T16:32:28.368837716Z [2024-06-03T16:32:28.368Z] DEBUG    (destination-accessor-vcap): Could not retrieve destination from service binding. If you are not using SAP Extension Factory, this information probably does not concern you. Cannot destructure property 'zid' of 'undefined' as it is undefined.
2024-06-03T16:32:28.368960003Z [2024-06-03T16:32:28.368Z] DEBUG    (destination-accessor-service): Attempting to retrieve destination from destination service.
2024-06-03T16:32:28.376769986Z [2024-06-03T16:32:28.376Z] DEBUG    (environment-accessor): Could not find binding to service 'xsuaa', that includes credentials.
2024-06-03T16:32:28.377061043Z ErrorWithCause: Failed to load destination.
2024-06-03T16:32:28.377076262Z     at /usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:50:15
2024-06-03T16:32:28.377078394Z     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-03T16:32:28.377080347Z     at async resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:49:33)
2024-06-03T16:32:28.377082408Z     at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37
2024-06-03T16:32:28.377084383Z     at async main (/usr/src/app/function/handler.js:725:21)
2024-06-03T16:32:28.377086414Z Caused by:
2024-06-03T16:32:28.377088158Z Error: Could not find binding to the XSUAA service.
2024-06-03T16:32:28.377089882Z     at getXsuaaServiceCredentials (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/environment-accessor/xsuaa.js:16:15)
2024-06-03T16:32:28.377091573Z     at exchangeToken (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/identity-service.js:37:91)
2024-06-03T16:32:28.377093595Z     at DestinationFromServiceRetriever.getDestinationFromDestinationService (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:49:70)
2024-06-03T16:32:28.377095548Z     at getDestinationFromDestinationService (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:37:44)
2024-06-03T16:32:28.377097322Z     at getDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:73:84)
2024-06-03T16:32:28.377099012Z     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-03T16:32:28.377100849Z     at async resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:49:33)
2024-06-03T16:32:28.377102631Z     at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37
2024-06-03T16:32:28.377104789Z     at async main (/usr/src/app/function/handler.js:725:21)

@marikaner https://github.com/SAP/cloud-sdk-js/issues/4762

deekshas8 commented 3 months ago

Hi @ptesny , By default the iasToXsuaaTokenExchange option is true. This requires an XSUAA binding, which might be the cause of the error in your case. Please set it to false and see if that resolves it.

ptesny commented 3 months ago

I did, but this does not help with the destinations that require a valid user jwt or the destinations created from mapped service bindings, for instance:

a. an OAuth2SAMLBearerAssertion destination a user jwt is mandatory

2024-06-10T14:29:25.447082959Z [2024-06-10T14:29:25.446Z] DEBUG    (destination-accessor-service): Successfully retrieved destination from destination service.
2024-06-10T14:29:25.447742762Z 2024-06-10T14:29:25.447Z faas-srv:* /srv/dest Failed to load destination. ErrorWithCause: Failed to load destination.
2024-06-10T14:29:25.447755972Z     at /usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:50:15
2024-06-10T14:29:25.447759553Z     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-10T14:29:25.447762009Z     at async resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:49:33)
2024-06-10T14:29:25.447764736Z     at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37
2024-06-10T14:29:25.447766966Z     at async main (/usr/src/app/function/handler.js:1155:30)
2024-06-10T14:29:25.447769012Z Caused by:
2024-06-10T14:29:25.447771033Z Error: Failed to verify the JWT with no JKU! Destination must have `x_user_token.jwks` or `x_user_token.jwks_uri` property.
2024-06-10T14:29:25.447773121Z     at DestinationFromServiceRetriever.checkDestinationForCustomJwt (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:99:19)
2024-06-10T14:29:25.447775689Z     at DestinationFromServiceRetriever.getAuthTokenForOAuth2UserBasedTokenExchanges (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:183:45)
2024-06-10T14:29:25.447777910Z     at DestinationFromServiceRetriever.fetchDestinationWithUserExchangeFlows (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:227:34)
2024-06-10T14:29:25.447780055Z     at DestinationFromServiceRetriever.getDestinationFromDestinationService (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:70:30)
2024-06-10T14:29:25.447782125Z     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-10T14:29:25.447784240Z     at async getDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:73:10)
2024-06-10T14:29:25.447786508Z     at async resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:49:33)
2024-06-10T14:29:25.447789242Z     at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37

b. faas-dest-x509 is a mapped destination service binding

2024-06-10T14:26:37.842628537Z [2024-06-10T14:26:37.842Z] DEBUG    (destination-accessor-service): Could not retrieve destination from destination service.
2024-06-10T14:26:37.842990634Z Error: Failed to resolve the destination 'name: faas-dest-x509'.
2024-06-10T14:26:37.843002302Z     at resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:53:15)
2024-06-10T14:26:37.843004530Z     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-10T14:26:37.843008852Z     at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37

@deekshas8

marikaner commented 3 months ago

@ptesny

Just to repeat my understanding of your issue:

Is that correct? If yes as of today this is possible if you do the following:

We are currently improving this so that you don't need to pass the iss, you can expect this with the next release.

I am only aware of these 2 ways to send along a JWT bearer token that is accepted by the destination service:

Please let me know if my understanding is incorrect.