I'm trying to secure a NodeJS / CAPm app to be called by an external REST Client using xsuaa service. OAuth Flows using User Credentials (Like my S-User / Business Users) are working. Like it is described here:
But when I try to get a Bearer Token using Client Credentials Flow, the scopes I need to call my app are missing. I've bound a xsuaa instance to my approuter and node app using the credentials provided for the OAuth call. Only scope uaa.resouce is provided and when I request scopes of my app, they are not allowed.
Is there any tutorial how to do this or do you have any idea what I've done wrong?