Open ptesny opened 4 months ago
Hi @ptesny ,
By default the iasToXsuaaTokenExchange option is true
. This requires an XSUAA binding, which might be the cause of the error in your case.
Please set it to false
and see if that resolves it.
I did, but this does not help with the destinations that require a valid user jwt or the destinations created from mapped service bindings, for instance:
a. an OAuth2SAMLBearerAssertion destination a user jwt is mandatory
2024-06-10T14:29:25.447082959Z [2024-06-10T14:29:25.446Z] [34mDEBUG[39m (destination-accessor-service): Successfully retrieved destination from destination service.
2024-06-10T14:29:25.447742762Z 2024-06-10T14:29:25.447Z faas-srv:* /srv/dest Failed to load destination. ErrorWithCause: Failed to load destination.
2024-06-10T14:29:25.447755972Z at /usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:50:15
2024-06-10T14:29:25.447759553Z at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-10T14:29:25.447762009Z at async resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:49:33)
2024-06-10T14:29:25.447764736Z at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37
2024-06-10T14:29:25.447766966Z at async main (/usr/src/app/function/handler.js:1155:30)
2024-06-10T14:29:25.447769012Z Caused by:
2024-06-10T14:29:25.447771033Z Error: Failed to verify the JWT with no JKU! Destination must have `x_user_token.jwks` or `x_user_token.jwks_uri` property.
2024-06-10T14:29:25.447773121Z at DestinationFromServiceRetriever.checkDestinationForCustomJwt (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:99:19)
2024-06-10T14:29:25.447775689Z at DestinationFromServiceRetriever.getAuthTokenForOAuth2UserBasedTokenExchanges (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:183:45)
2024-06-10T14:29:25.447777910Z at DestinationFromServiceRetriever.fetchDestinationWithUserExchangeFlows (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:227:34)
2024-06-10T14:29:25.447780055Z at DestinationFromServiceRetriever.getDestinationFromDestinationService (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-from-service.js:70:30)
2024-06-10T14:29:25.447782125Z at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-10T14:29:25.447784240Z at async getDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:73:10)
2024-06-10T14:29:25.447786508Z at async resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:49:33)
2024-06-10T14:29:25.447789242Z at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37
b. faas-dest-x509
is a mapped destination service binding
2024-06-10T14:26:37.842628537Z [2024-06-10T14:26:37.842Z] [34mDEBUG[39m (destination-accessor-service): Could not retrieve destination from destination service.
2024-06-10T14:26:37.842990634Z Error: Failed to resolve the destination 'name: faas-dest-x509'.
2024-06-10T14:26:37.843002302Z at resolveDestination (/usr/src/app/function/node_modules/@sap-cloud-sdk/connectivity/dist/scp-cf/destination/destination-accessor.js:53:15)
2024-06-10T14:26:37.843004530Z at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-06-10T14:26:37.843008852Z at async /usr/src/app/function/node_modules/@sap-cloud-sdk/http-client/dist/http-client.js:69:37
@deekshas8
@ptesny
Just to repeat my understanding of your issue:
OAuth2SAMLBearerAssertion
.Is that correct? If yes as of today this is possible if you do the following:
iasToTokenExchange
to falseiss
in the options with the subdomain of your BTP account when executing the requestx_user_token.jwks
or x_user_token.jwks_uri
as well as credentials for IASWe are currently improving this so that you don't need to pass the iss
, you can expect this with the next release.
I am only aware of these 2 ways to send along a JWT bearer token that is accepted by the destination service:
Please let me know if my understanding is incorrect.
Why do I still need to have xsuaa dependancy for the SDK when using identity service (no xsuaa) in my application ?
Error: Could not find binding to the XSUAA service.
Worth saying, the same destination is working fine with approuter configured with ias service only
PS. cloud sdk call stack
@marikaner https://github.com/SAP/cloud-sdk-js/issues/4762