Feb 11, 2020 at 03:05 PM

Secure Nodejs app with OAuth Client Credentials Flow on CF

447 Views Last edit Feb 17, 2020 at 07:16 AM 3 rev

Hi,

I'm trying to secure a NodeJS / CAPm app to be called by an external REST client using the xsuaa service. OAuth flows using user credentials (like my S-User / business users) are working, as described here:

https://blogs.sap.com/2018/08/31/how-to-get-an-access-token-from-the-xsuaa-service-for-external-api-accesses-using-the-password-grant-with-client-and-user-credentials-method/

But when I try to get a Bearer Token using the Client Credentials Flow, the scopes I need to call my app are missing. I've bound an xsuaa instance to my approuter and node app, using the credentials provided for the OAuth call. Only the scope uaa.resource is provided, and when I request the scopes of my app, they are not allowed.

Is there any tutorial on how to do this, or do you have any idea what I've done wrong?

Best
Alex