Skip to Content

Preventing Authorization pop-up in app/ui layer (CAP development)

Hi Team,

While implementing Authorization in a 3-tiered CAP application (app, srv, db), I am facing certain issues in seamlessly integrating the UI layer with Service layer. The steps are as follows:

  1. Created a security profile (xs-security.json) :
  "xsappname": "MYAPP",
  "tenant-mode": "dedicated",
  "scopes": [
      "name": "$XSAPPNAME.admin",
      "description": "admin"
  "attributes": [],
  "role-templates": [
      "name": "admin",
      "description": "generated",
      "scope-references": [
      "attribute-references": []

2. Created a UAA instance and provided the above security profile as parameters

3. Bound the UAA to both the service and app layer in MTA

4. Created the Roles and Role Collection in the sub-account and assigned it to my user

5. In the xs-app.json file of the app/ui layer, provided the following route and made the authenticationMethod as Route:

 "source": "^/(.*)$",
 "target": "$1",
 "destination": "srv_api",
 "scope": {
 "GET":[ "$XSAPPNAME.admin" ]
 "authenticationType": "xsuaa",
 "csrfProtection": false

6. In my service layer, provided a cds service which requires the admin authorization specified in the previous steps:
service AdminService @(requires:'admin'){ .... }

7. When I access my application, though it successfully authenticates you when you first log in, the service call prompts the below pop-up:

Moreover, in the service layer, it shows the user as "anonymous" despite the fact that I logged in with my SAP ID.

My questions are:

1. How to prevent the above pop-up and allow the logged in roles and scopes to automatically call the service

2. Why is the user showing as "anonymous" in my srv layer. Should I specify some connection other than UAA to integrate my app and srv layer

Requesting your inputs,

Thanks & Regards,


uaa-popup.png (55.0 kB)
Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • Posted on Jul 23, 2020 at 03:00 PM

    Please try if you get my bookshop-demo application to work and apply the same to your application.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 25, 2020 at 06:35 AM

    I guess you should check your destination configuration in the app module in your mta.yaml if you forward the auth token to the srv module:

      - name: bookshop-demo-app
        type: nodejs
        path: app
          memory: 256M
          disk-quota: 1024M
         - name: bookshop-demo-uaa
         - name: srv_api
           group: destinations
              forwardAuthToken: true # <-- required to forward the JWT token from app router to srv module
              strictSSL: false
              name: srv_api
              url: ~{url}
    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 27, 2020 at 09:09 AM

    Hi Harish,

    Additional to the answer by Sebastian Esch, please also check your app's auth settings. There are different defaults for authentication strategy in development and production environments (cf. Running in WebIDE means your in development environment (if you don't specifically set to production).


    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.