XSUAA End-to-End Tutorial

JWT

Code: app.get('/srv/authinfo', function (req, res) { res.status(200).json(req.authInfo); });

req.authInfo is the security context that the @sap/xssec passport strategy attaches to the request after it has validated the bearer token. Dumping it verbatim is handy for inspecting the token in this tutorial, but it exposes the raw token and user attributes, so keep an endpoint like this out of production deployments.

Decode the JWT

  1. Retrieve and copy the JWT (JSON Web Token: a base64url-encoded header, payload and signature separated by dots)*
  2. Go to jwt.io to decode the token (and optionally verify the signature with the XSUAA public key)

* Tip: Use the JSON Viewer Chrome extension to format the output.


Scopes

Code: var isAuthorized = req.authInfo.checkScope('$XSAPPNAME.User');

checkScope replaces the $XSAPPNAME placeholder with the xsappname of the bound XSUAA service instance before comparing against the scope array in the token, so the value actually matched looks like <xsappname>.User.

Verify granted scopes:

  1. User Role
  2. Admin Role

The business logic returns 403 Forbidden when the required scope is not present in the token.

Grant roles in the cockpit: Trial Home > TRIAL_ACCOUNT > PROVIDER/REGION > Security: Trust Configuration > sap.default > Assign Role Collection.
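To show both steps of this tutorial offline, here is an added example (not code from the tutorial or from @sap/xssec) that decodes a JWT the way jwt.io does and then applies an XSUAA-style scope check with $XSAPPNAME expansion. The token, the xsappname 'myapp!t12345' and the function names decodeJwt, checkScope and authorize are constructed for illustration; the token is unsigned and nothing here verifies a signature, which on the server is the job of @sap/xssec against the XSUAA key.

```javascript
// Added example: jwt.io-style decode plus an XSUAA-style scope check.
// Assumes Node.js >= 16 (Buffer 'base64url' encoding). Token and xsappname
// are constructed for this example; in a real app xsappname comes from the
// XSUAA binding in VCAP_SERVICES.

const XSAPPNAME = 'myapp!t12345'; // constructed value

function base64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

// Constructed, unsigned token: header.payload.dummy-signature.
// Only suitable for demonstrating the decode view; never trust such a token.
const SAMPLE_JWT = [
  base64url({ alg: 'RS256', typ: 'JWT', kid: 'key-id-1' }),
  base64url({
    user_name: 'alice',
    email: 'alice@example.com',
    scope: [XSAPPNAME + '.User', 'openid'],
    exp: Math.floor(Date.now() / 1000) + 3600,
  }),
  'signature-not-verified',
].join('.');

// Decodes header and payload only, exactly what jwt.io shows in its left pane.
// It does NOT check the signature, issuer or expiry.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWS: expected header.payload.signature');
  }
  const [header, payload] = parts;
  return {
    header: JSON.parse(Buffer.from(header, 'base64url').toString('utf8')),
    payload: JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')),
  };
}

// Mirrors the behaviour of authInfo.checkScope: the $XSAPPNAME placeholder is
// expanded to the bound application's xsappname before the lookup in the
// token's scope array.
function checkScope(payload, requiredScope, xsappname = XSAPPNAME) {
  const scope = requiredScope.replace('$XSAPPNAME', xsappname);
  return Array.isArray(payload.scope) && payload.scope.includes(scope);
}

// The decision a route handler makes: 200 when the scope is granted,
// 403 Forbidden when it is missing.
function authorize(token, requiredScope) {
  const { payload } = decodeJwt(token);
  return checkScope(payload, requiredScope)
    ? { status: 200, user: payload.user_name }
    : { status: 403, error: 'Forbidden' };
}

// Stand-alone demo: alice holds the User scope but not the Admin scope.
console.log(JSON.stringify(decodeJwt(SAMPLE_JWT), null, 2));
console.log(authorize(SAMPLE_JWT, '$XSAPPNAME.User'));
console.log(authorize(SAMPLE_JWT, '$XSAPPNAME.Admin'));
```

Run it with node; the second authorize call shows the 403 path the tutorial describes, because the constructed token carries only the User scope until the Admin role collection is assigned in the cockpit and a fresh token is issued.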
