on 12-06-2021 11:35 AM
Dear community,
I'm trying to use the approuter to access a destination defined at instance/subaccount level (/ because I tried both without success) in a service to approuter scenario. I'm using this approach with the x-approuter-authorization header: https://www.npmjs.com/package/@sap/approuter#service-to-application-router
The thing is that it works if I use an authorization code oauth2 flow, it doesn't in case of client_credentials.
In case of client_credentials the flow works well in case of destination defined at environment level, not in case of service instance/subaccount. In this case it returns "500 Internal Server Error".
In the log I can see this: GET request to "service_accessible_via_destination" completed with status 500 401 - {\"error\":\"unauthorized\",\"error_description\":\"Unable to map issuer, https://"my_subdomain".authentication.eu20.hana.ondemand.com/oauth/token , to a single registered provider\"}
Do you know why?
Many thanks in advance,
Rossano
PS: Working just with the destination defined at environment level is not an option because of auth things
Not sure about the error message.
Sounds like you're working in 2 different subaccounts?
Or maybe using 2 different instances of XSUAA?
Error seems to indicate:
Security validation receives the JWT token
The JWT token contains the information about which XSUAA authorization server has issued the JWT token.
In your case, the https://"my_subdomain".authentication.eu20.hana.ondemand.com/oauth/token is not expected.
For whatever reason, maybe it helps to understand the problem?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Carlos,
many thanks! Yes the error sounds like I'm working with 2 different subaccounts but it's not 😞
In the meantime I opened a support request to SAP and they're working on it.
I will update the answer, maybe it can help other people.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.