
How to bind xsuaa details in deployment yaml to authenticate api in SAP BTP kyma runtime

shobhtyagi
Discoverer

 

XS-APP.JSON

{
    "welcomeFile": "app.js",
    "authenticationMethod": "route",
    "routes": [
        {
            "source": "^/user-api(.*)",
            "target": "$1",
            "service": "sap-approuter-userapi",
            "authenticationType": "xsuaa",
            "scope": "$XSAPPNAME.Admin"
        },
        {
            "source": "^/(.*)",
            "authenticationType": "xsuaa",
            "localDir": "resources"
        }
  
    ]
}
app.js file 

const express = require('express');
const xsenv = require('@sap/xsenv');
const passport = require('passport');
const JWTStrategy = require('@sap/xssec').JWTStrategy;

const app = express();

// Populate process.env from a local environment file when one exists.
// NOTE(review): @sap/xsenv's loadEnv() reads a JSON file (default-env.json by
// default) rather than a dotenv-style ".env" - confirm for the version in use.
xsenv.loadEnv();

// Resolve the bound XSUAA instance by its "xsuaa" tag and give its credentials
// to the JWT strategy, which validates the bearer token on incoming requests.
const { xsuaa: xsuaaCredentials } = xsenv.getServices({ xsuaa: { tag: 'xsuaa' } });
passport.use(new JWTStrategy(xsuaaCredentials));

// Registered before any route, so every handler below runs only after the
// 'JWT' strategy has accepted the request; no server-side session is kept.
app.use(passport.initialize());
app.use(passport.authenticate('JWT', { session: false }));

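/**
 * GET / - answers with the caller's user id when the validated token carries
 * the required scope, otherwise responds 403 Forbidden.
 *
 * Runs after the global passport JWT middleware, so `req.user` and
 * `req.authInfo` are expected to be populated by the JWT strategy.
 */
app.get('/', (req, res) => {
  console.log('Authenticated Request Reached...');

  // The security context (req.authInfo) is deliberately NOT written to the log:
  // it describes the caller's token and may expose claims or token material to
  // anyone who can read container logs. Only the user id and the authorization
  // outcome are recorded below.

  // NOTE(review): XSUAA normally issues scopes qualified with the generated
  // application name, so a literal "approuter-kyma-xsuaa." prefix may never
  // match. @sap/xssec also offers checkLocalScope('Display'), which lets the
  // library apply the qualifier - confirm against a decoded token.
  const requiredScope = 'approuter-kyma-xsuaa.Display';

  if (!req.authInfo.checkScope(requiredScope)) {
    console.log(`Authorization failed. User: ${req.user.id}, Path: '/'.`);
    res.status(403).send('Forbidden');
    return;
  }

  console.log(`Authorization success. User: ${req.user.id}, Path: '/'.`);
  res.send(`Application user: ${req.user.id}`);
});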
  

// Listen on PORT when the environment provides it; otherwise fall back to 8086.
const port = process.env.PORT || 8086;

app.listen(port, () => {
  console.log(`myapp listening on port ${port}`);
});

 

 

Hello community,

I am currently working with SAP BTP Kyma Runtime and aiming to bind XSUAA details in the deployment YAML file to enable API authentication from the Kyma runtime. Any blogs or references on this topic would be highly appreciated.

 

 

 

 

# ServiceBinding: requests credentials for a service instance and has them
# stored in a Kubernetes Secret that workloads can mount.
# NOTE(review): no namespace is set here, while the ServiceInstance on this page
# sets "namespace: default" - confirm both are applied to the same namespace.
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
  name: approuter-kyma-binding
spec:
  # NOTE(review): this should equal the metadata.name of the ServiceInstance to
  # bind. The ServiceInstance on this page is named "approuter-kyma", not
  # "approuter-in-kyma" - confirm which is intended; with a mismatch the binding
  # presumably never becomes ready and the Secret below is not created.
  serviceInstanceName: approuter-in-kyma
  # Secret that receives the XSUAA credentials; the Deployment on this page
  # mounts a Secret with this name.
  secretName: approuter-kyma-binding
  externalName: approuter-kyma-uaa
---
# Deployment: runs one replica of the application container and mounts the
# XSUAA binding Secret into it as read-only files.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: router
  labels:
    app: router
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: router
      version: v1
  template:
    metadata:
      labels:
        app: router
        version: v1
    spec:
      # NOTE(review): no securityContext is set on the pod or the container, so
      # it runs with whatever user and privileges the image defaults to.
      containers:
        - name: router1
          # NOTE(review): ":latest" with "imagePullPolicy: Always" means each
          # pod start may pull different image content. This container receives
          # the XSUAA client credentials, so pinning a version tag or an image
          # digest keeps the running code tied to a reviewed build.
          image: shobhittyagi1996/approuterimage5:latest
          imagePullPolicy: Always
          resources:
              limits:
                cpu: "250m"
                memory: "128Mi"
              requests:
                cpu: "250m"
                memory: "128Mi"
          ports:
            # Matches the fallback port (8086) used by app.js on this page.
            - containerPort: 8086
          volumeMounts:
            # Credentials are exposed as files under this path, mounted read-only.
            # NOTE(review): the path appears to follow the
            # /etc/secrets/sapcp/<service>/<instance> layout that @sap/xsenv
            # reads on Kubernetes; app.js looks the service up by tag "xsuaa",
            # so confirm the mounted Secret actually exposes that tag.
            - name: approuter-kyma-uaa
              mountPath: "/etc/secrets/sapcp/xsuaa/approuter-kyma"
              readOnly: true
      volumes:
        - name: approuter-kyma-uaa
          secret:
            # Must be the secretName written by the ServiceBinding on this page.
            secretName: approuter-kyma-binding
---
# Service: gives the pods labelled "app: router" a stable in-cluster address on
# port 8086.
# No "type" is given, so Kubernetes defaults to ClusterIP, and no targetPort is
# given, so traffic is forwarded to the same port number on the pod.
# NOTE(review): nothing on this page exposes the Service outside the cluster;
# whatever does so should keep authentication in front of every route.
apiVersion: v1
kind: Service
metadata:
  name: router2
  labels:
    app: router
    service: router
spec:
  ports:
    - port: 8086
      name: http
  selector:
    app: router
---
# ServiceInstance: provisions an XSUAA instance (plan "application") and
# declares the application's scopes, role templates and role collections.
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceInstance
metadata:
  # The ServiceBinding's spec.serviceInstanceName has to reference this name.
  name: approuter-kyma
  namespace: default
spec:
  serviceOfferingName: xsuaa
  servicePlanName: application
  externalName: approuter-kyma-uaa
  parameters:
    xsappname: approuter-kyma-xsuaa
    tenant-mode: dedicated
    oauth2-configuration:
      # Limits where XSUAA may send the browser after login; keep this list as
      # narrow as possible.
      # NOTE(review): the host below does not look like a complete domain name -
      # confirm it is the real external URL of the application.
      redirect-uris:
        - "https://garden-kyma--c-32894c0-external/login/callback"
    scopes:
      # NOTE(review): XSUAA security descriptors usually write scope names with
      # the "$XSAPPNAME." placeholder instead of the literal application name -
      # confirm the literal prefix is accepted. Only a Display scope is declared
      # here, while the xs-app.json on this page requires "$XSAPPNAME.Admin"
      # for the /user-api route.
      - name: "approuter-kyma-xsuaa.Display"
        description: Display
    role-templates:
      - name: admin
        description: Admin
        scope-references:
          - "approuter-kyma-xsuaa.Display"
    role-collections:
      - name: Approuterkymauaa
        description: kyma approuter role
        # NOTE(review): this list is expected to name role templates (the one
        # defined above is "admin"), but the value given is the scope name -
        # confirm, otherwise the role collection may not grant the scope.
        role-template-references:
          - "approuter-kyma-xsuaa.Display"

 

 

 

 

Accepted Solutions (0)

Answers (0)