XSUAA End-to-End Tutorial


Code: app.get('/srv/authinfo', function (req, res) {res.status(200).json(req.authInfo);});

Decode the JTW

  1. Retrieve and copy the JWT (web token in JavaScript Object Notation [JSON] format)*
  2. Go to jwt.io to decode the token (and optionally the signature / public key

* Tip: Use the JSON Viewer Chrome extension to format the output.



Code: var isAuthorized = req.authInfo.checkScope('$XSAPPNAME.User');

Verify granted scopes:

  1. User Role
  2. Admin Role

Business logic returns "Forbidden" when no scope not found.

Grant roles Trial Home > TRAIL_ACCOUNT > PROVIDER/REGION > Security: Trust Configuration > sap.default > Assign Role Collection.