Skip to Content
Feb 11, 2020 at 03:05 PM

Secure Nodejs app with OAuth Client Credentials Flow on CF

447 Views Last edit Feb 17, 2020 at 07:16 AM 3 rev


I'm trying to secure a NodeJS / CAPm app to be called by an external REST Client using xsuaa service. OAuth Flows using User Credentials (Like my S-User / Business Users) are working. Like it is described here:

But when I try to get a Bearer Token using Client Credentials Flow, the scopes I need to call my app are missing. I've bound a xsuaa instance to my approuter and node app using the credentials provided for the OAuth call. Only scope uaa.resouce is provided and when I request scopes of my app, they are not allowed.

Is there any tutorial how to do this or do you have any idea what I've done wrong?