Hi CAP experts!
I developed a CAP app that works fine via browser. It contains db, srv, app and approuter modules. My services are annotated with @(requires: 'authenticated-user').
Once deployed to cf, by calling the approuter I'm asked to log in and then I'm redirected to the services. So it works as expected.
My problem begins when calling my services from SAP Mobile Cards. My Mobile Services service is also running on Cloud Foundry.
I created a destination in Mobile Services (SAP Mobile Cards / Features / Mobile Connectivity) pointing to my approuter URL with SSO mechanism "Forward Authentication" and "Forward User Token To AppRouter" checked. As mentioned in https://help.sap.com/viewer/468990a67780424a9e66eb096d4345bb/Cloud/en-US/c5896a6238ae4f11a4f0d37d483340f0.html:
"When the Forward Authentication SSO mechanism is configured for an end point, the checkbox Forward User Token To AppRouter appears. Select the checkbox to enable. When enabled, the user token is forwarded to the app-router application as an x-approuter-authorization header."
As expected, when refreshing on mobile cards app deck, I receive the JWT in the approuter, in the header x-approuter-authorization, and the request is forwarded to the service layer, but I always get a 401 error. The error comes with the annotation @(requires: 'authenticated-user'), because if it is removed the error disappears. So it seems the approuter receives the JWT but the service layer doesn't know how to manage it correctly.
Any suggestions? Should I use another SSO type in my destination?
Thanks in advance!