I'm exploring the XUAA functionality from last 2 weeks and still haven't figured it out how to achieve my use case.
Task: Create Express REST APIs for /login and /signup. In the signup API the password and email should be stored in Hana database. The API should be multi tenant aware.
[DO NOT USE CDS(as we are moving our database from MongoDB to Hana Databse and only service layer need to be changed (I think))].
Solution I found after reading documentation: XUAA(for Authentication and scopes) and AppRouter (for tenant request switching).
- As my password is saved in Hana Database, I don't know how to fetch them and use passport and XSUAA. I have done this in MongoDB but not sure how this SAP CF works, Haven't seen any examples on this as well.
- App router(sort of front-end application) is used for tenant switching. Is it not possible to do that in the Express APIs itself? So i don't have to depend upon the front-end application. How can test my tenant aware applcation with postman? Is it even possible in the first place ?
- Do I have to use XSUAA for doing basic authentication and achieving multitenancy? As I am using basic authentication it can be implemented with "passport" very easily.
Asking for Suggestions:
- Should I use Basic Authentication? Or should I implement OAuth2?
- If I implement OAuth2, how do I use the credentials stored in my Hana Database (Multi-tenant)?
- Can I use CDS(not Odata) in my express just to handle authentication and multi-tenancy?