Skip to Content
Sep 07, 2020 at 06:02 AM

Express Node.js Multi-tenant back end application with XSUAA with basic authentication.


Hi community,

I'm exploring the XUAA functionality from last 2 weeks and still haven't figured it out how to achieve my use case.

Task: Create Express REST APIs for /login and /signup. In the signup API the password and email should be stored in Hana database. The API should be multi tenant aware.

[DO NOT USE CDS(as we are moving our database from MongoDB to Hana Databse and only service layer need to be changed (I think))].

Solution I found after reading documentation: XUAA(for Authentication and scopes) and AppRouter (for tenant request switching).

My Problems:

  • As my password is saved in Hana Database, I don't know how to fetch them and use passport and XSUAA. I have done this in MongoDB but not sure how this SAP CF works, Haven't seen any examples on this as well.
  • App router(sort of front-end application) is used for tenant switching. Is it not possible to do that in the Express APIs itself? So i don't have to depend upon the front-end application. How can test my tenant aware applcation with postman? Is it even possible in the first place ?
  • Do I have to use XSUAA for doing basic authentication and achieving multitenancy? As I am using basic authentication it can be implemented with "passport" very easily.

Asking for Suggestions:

  • Should I use Basic Authentication? Or should I implement OAuth2?
  • If I implement OAuth2, how do I use the credentials stored in my Hana Database (Multi-tenant)?
  • Can I use CDS(not Odata) in my express just to handle authentication and multi-tenancy?