0

I want to get user info and authorities but could not find any interface. But there is an interface called AuthTokenAccessor in package com.sap.cloud.sdk.cloudplatform.security. I could get JWT token but could not parse it due to lack of information e.g. sign key.

String token = AuthTokenAccessor.getCurrentToken().getJwt().getToken();

In SAP Cloud SDK version 2.0, there is an interface UserAccessor which can meet the requirements but seems it is gone in version 3.X.

Could you suggest how to do it in version 3.0 and above?

Update

PrincipalAccessor interface is the answer. But authorizations returned are empty. I am using App router to access backend restful APIs.

 Set<Authorization> authorizations = principal.getAuthorizations();
 log.info("Authentication set is empty:" + authorizations.isEmpty());

SDK version is 3.15.1.

Remote debugging. Attributes and authorizations are both empty. enter image description here

Jerry Zhang
  • 179
  • 3
  • 13
  • What does `new DefaultLocalScopePrefixProvider().getLocalScopePrefix()` return for you? It is used internally to resolve the scope prefix specifically for your application. The method takes the information from your application XSUAA service binding and reads the "xsappname" JSON property. Can you share the "scope" value of the JWT? Its within the _base64_ encoded String. – Alexander Dümont Mar 25 '20 at 12:26
  • What does the following statement return for you...? `new LocalScopePrefixExtractor(null).getAuthorizations(AuthTokenAccessor.getCurrentToken().getJwt());` In order to investigate the issue, you can monitor the `DEBUG` log messages from class `com.sap.cloud.sdk.cloudplatform.security.principal.LocalScopePrefixExtractor` At runtime, this class extracts the "scope" claim from JWT as a list of strings. It compares the local scope prefix for each scope item, if it fits then the Principal will be given the scope value (without the prefix) as authorization. – Alexander Dümont Mar 25 '20 at 12:26
  • Thank you Alexander. You are right. Only those authorizations which has prefix "xsuaaname" will be kept. Default scopes (openid, user_attributes) will be filtered. – Jerry Zhang Mar 26 '20 at 02:30

1 Answers1

1

Please use PrincipalAccessor instead. UserAccessor has been merged into the more generic PrincipalAccessor.

Also, while migrating from v2 to v3 of the Cloud SDK, please refer to this migration guide. You can also find release notes of the SDK here.

Ksivakumar
  • 188
  • 1
  • 7