To “SAP BTP world”, XSUAA always play a critical role in the solution. Most developers are confusing how to parse the JWT token which come from IAS. This blog post will give you easy approach to resolve it. Suppose many blog posts writes get the JWT token with default idP. Nevertheless, the solutions regarding to bind self IAS seldom involved.

Prerequisites

Will not take time to explain critical words: Postman, XSUAA, JWT token, SAML2 response, etc. Let’s go straight.

  • Configure the IAS tenant with Subaccount
    Please configure the trust configuration between your subaccount and IAS tenant.
  • Install Postman
    Make sure install Postman on your desktop. Mostly, please upgrade to newer version.
  • Prepare your own BTP application Create xs-security.json file, and bind the XSUAA service instance in the MTA.yaml. Don’t rush to deploy it to CF runtime.

Register postman as SP client into XSUAA

Navigate to your project folder, open file xs-security.json. Add the section “https://oauth.pstmn.io/v1/callback” into chapter redirect-uris. This step is mandatory, XSUAA will not callback the client if it is un-registered in XSUAA.

{
  "xsappname": "vendor-dev",
  "tenant-mode": "dedicated",
  "scopes": [
    {
      "name": "$XSAPPNAME.Supplier",
      "description": "Supplier"
    }
  ],
  "attributes": [ ],
  "role-templates": [
    ...
  ],
  "oauth2-configuration": {
    "redirect-uris": [
      "https://*.btpdemo.cn40.apps.platform.sapcloud.cn/**",
      "https://oauth.pstmn.io/v1/callback"
    ]
  }
}

Deploy the BTP application to Cloud Foundry runtime

After the Client Postman registration, finish the application deployment correctly. Test the business user  which can logon the application with IAS tenant user correctly.

Initiate the post request in Postman

Define a new post request which point to your application. Navigate to Authorization tab, and then select OAuth2.0.

Get the required client, credential and OAuth token URL from XSUAA service instance/service key.

Label Value Comments
Token Name Define your own token name
Grant Type Authorization Code
Callback URL https://oauth.pstmn.io/v1/callback Keep Authorize using browser selected, the url will finalize it automatically.
Auth URL https://<oauth_url>/oauth/authorize This URL could be found in the service key with XSUAA service instance which bind with your application. Make sure add the suffix /oauth/authorize
Access Token URL https://<oauth_url>/oauth/token This URL could be found in the service key with XSUAA service instance which bind with your application. Make sure add the suffix /oauth/token
Client ID sb-vendor-dev!t1333 This URL could be found in the service key with XSUAA service instance which bind with your application.
Client Secret <client secret> This URL could be found it in the service key with XSUAA service instance which bind with your application.
Scope keep it empty
State keep it empty
Client Authentication Send as Basic Auth header

Get the JWT token

Click button Get New Access Token. It will navigate to browser to require logon.
Select IAS tenant logon, input your business user credential to complete the logon process. Click button Open Postman.

Navigate to Postman window, select Proceed.

And then select Use token.

As of now, we get the JWT token correctly, copy it to jwt.io parse it. You will read plain text JWT token.

Sara Sampaio

Sara Sampaio

Author Since: March 10, 2022

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x