Skip to Content
May 01, 2020 at 04:28 PM

XSUAA Protected Service from Mobile Services


Hello all,

I created a CAP based application and deployed it to my Cloud Foundry space.
Everything is protected by XSUAA and works like a charm, no issues so far.

Now i would like to reference this service from a Mobile Application created using Mobile Services (CloudFoundry).

I got immediately stuck, because XSUAA protection starts to act weirdly.

Forwarding the authentication does not work, because mobile service application generates its own UAA service and whenever the authentication token is forwarded to the CAP Application the answer is:

Client ID <mobile_service_UAA_ClientID> does not match <CAP_UAA_ClientID>

I tried to bind the mobile service UAA to my application following this perfect blog: no luck either, the XSUAA login page does not let me in. The XSUAA log in the approuter says:

Invalid JWT Token

I then tried to create the destination in the mobile cockpit, setting OAuth2ClientCredentials security method.
Still, it doesn.'t work, the destination test fails.

Finished sending GET request to back end$metadata?auth=uaa in 419 ms. HTTP status from the back end is 401. 

I switched the backend security to "Basic Authentication" for the time being, but was anybody able to connect to a CAP-based service with XSUAA protection from MobileServices?