0

I am using sap cloud sdk to request destination. VCAP_SERVICES is deployed in enviroment in docker. Here is my code to get destination

DestinationOptions options =
            DestinationOptions
                    .builder()
                    .augmentBuilder(
                            ScpCfDestinationOptionsAugmenter
                                    .augmenter()
                                    .retrievalStrategy(ScpCfDestinationRetrievalStrategy.SUBSCRIBER_THEN_PROVIDER))
                    .build();

Try<Destination> destination = DestinationAccessor.getLoader().tryGetDestination(destinationName, options);

Here is the vcap services as env virable in docker:

{
            "xsuaa": [
                {
                    "label": "xsuaa",
                    "provider": null,
                    "plan": "broker",
                    "name": "***",
                    "tags": [
                        "xsuaa"
                    ],
                    ...
                }
            ],
            "destination": [
                {
                    "label": "destination",
                    "provider": null,
                    "plan": "lite",
                    "name": "***",
                    "tags": [
                        "destination",
                        "conn",
                        "connsvc"
                    ],
                    ...
                    },
                    "syslog_drain_url": null,
                    "volume_mounts": []
                }
            ]
        }

Here is cloud sdk version:

implementation("com.sap.cloud.sdk:sdk-bom:3.59.0")
implementation("com.sap.cloud.sdk.cloudplatform:scp-cf:3.59.0")
implementation("com.sap.cds:cds-integration-cloud-sdk:1.21.0")
implementation("com.sap.cloud.sdk.cloudplatform:servlet:3.59.0")

When get destinations, cloud sdk has got client id, client secret, auth token url, zid from VCAP_SERVICES. However, we failed to request access_token. The error is 401 BAD request. enter image description here

Here is the debug information:| com.sap.cloud.sdk.cloudplatform.cache.CacheRuntimeException: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get destination. qm_1 | at com.sap.cloud.sdk.cloudplatform.cache.CacheUtil.lambda$wrapCallableAsFunction$0(CacheUtil.java:45) qm_1 | at com.github.benmanes.caffeine.cache.BoundedLocalCache.lambda$doComputeIfAbsent$14(BoundedLocalCache.java:2346) qm_1 | at java.base/java.util.concurrent.ConcurrentHashMap.compute(Unknown Source) qm_1 | at com.github.benmanes.caffeine.cache.BoundedLocalCache.doComputeIfAbsent(BoundedLocalCache.java:2344) qm_1 | at com.github.benmanes.caffeine.cache.BoundedLocalCache.computeIfAbsent(BoundedLocalCache.java:2327) qm_1 | at com.github.benmanes.caffeine.cache.LocalCache.computeIfAbsent(LocalCache.java:108) qm_1 | at com.github.benmanes.caffeine.cache.LocalManualCache.get(LocalManualCache.java:62) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoader.lambda$tryGetDestination$2ec57ad6$1(ScpCfDestinationLoader.java:117) qm_1 | at io.vavr.control.Try.of(Try.java:75) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoader.tryGetDestination(ScpCfDestinationLoader.java:116) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationLoaderChain.tryGetDestination(DestinationLoaderChain.java:84) qm_1 | at com.sap.om.print.service.impl.NotificationServiceImpl.pushNotification(NotificationServiceImpl.java:64) qm_1 | at com.sap.om.print.controller.QueueController.sendNotificationMessage(QueueController.java:197) qm_1 | at com.sap.om.print.controller.QueueController$$FastClassBySpringCGLIB$$c0a3b93.invoke(<generated>) qm_1 | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) qm_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779) qm_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) qm_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) qm_1 | at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) qm_1 | at io.github.resilience4j.ratelimiter.RateLimiter.lambda$decorateCheckedSupplier$9076412b$1(RateLimiter.java:218) qm_1 | at io.github.resilience4j.ratelimiter.RateLimiter.executeCheckedSupplier(RateLimiter.java:839) qm_1 | at io.github.resilience4j.ratelimiter.RateLimiter.executeCheckedSupplier(RateLimiter.java:825) qm_1 | at io.github.resilience4j.ratelimiter.configure.RateLimiterAspect.handleJoinPoint(RateLimiterAspect.java:179) qm_1 | at io.github.resilience4j.ratelimiter.configure.RateLimiterAspect.proceed(RateLimiterAspect.java:142) qm_1 | at io.github.resilience4j.ratelimiter.configure.RateLimiterAspect.rateLimiterAroundAdvice(RateLimiterAspect.java:119) qm_1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) qm_1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) qm_1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) qm_1 | at java.base/java.lang.reflect.Method.invoke(Unknown Source) qm_1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) qm_1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) qm_1 | at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) qm_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) qm_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) qm_1 | at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) qm_1 | at io.github.resilience4j.circuitbreaker.CircuitBreaker.lambda$decorateCheckedSupplier$82a9021a$1(CircuitBreaker.java:73) qm_1 | at io.github.resilience4j.circuitbreaker.CircuitBreaker.executeCheckedSupplier(CircuitBreaker.java:834) qm_1 | at io.github.resilience4j.circuitbreaker.configure.CircuitBreakerAspect.defaultHandling(CircuitBreakerAspect.java:188) qm_1 | at io.github.resilience4j.circuitbreaker.configure.CircuitBreakerAspect.proceed(CircuitBreakerAspect.java:135) qm_1 | at io.github.resilience4j.circuitbreaker.configure.CircuitBreakerAspect.circuitBreakerAroundAdvice(CircuitBreakerAspect.java:112) qm_1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) qm_1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) qm_1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) qm_1 | at java.base/java.lang.reflect.Method.invoke(Unknown Source) qm_1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) qm_1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) qm_1 | at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) qm_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) qm_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) qm_1 | at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) qm_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) qm_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) qm_1 | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692) qm_1 | at com.sap.om.print.controller.QueueController$$EnhancerBySpringCGLIB$$54eb5301.sendNotificationMessage(<generated>) qm_1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) qm_1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) qm_1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) qm_1 | at java.base/java.lang.reflect.Method.invoke(Unknown Source) qm_1 | at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:197) qm_1 | at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:141) qm_1 | at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106) qm_1 | at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:894) qm_1 | at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) qm_1 | at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) qm_1 | at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1060) qm_1 | at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:962) qm_1 | at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) qm_1 | at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) qm_1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:497) qm_1 | at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) qm_1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:584) qm_1 | at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) qm_1 | at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) qm_1 | at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93) qm_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) qm_1 | at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) qm_1 | at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) qm_1 | at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) qm_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) qm_1 | at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) qm_1 | at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) qm_1 | at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) qm_1 | at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) qm_1 | at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) qm_1 | at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) qm_1 | at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) qm_1 | at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117) qm_1 | at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) qm_1 | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) qm_1 | at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) qm_1 | at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) qm_1 | at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) qm_1 | at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) qm_1 | at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) qm_1 | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) qm_1 | at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52) qm_1 | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) qm_1 | at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) qm_1 | at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) qm_1 | at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) qm_1 | at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) qm_1 | at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) qm_1 | at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) qm_1 | at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) qm_1 | at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) qm_1 | at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) qm_1 | at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387) qm_1 | at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841) qm_1 | at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) qm_1 | at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) qm_1 | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) qm_1 | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) qm_1 | at java.base/java.lang.Thread.run(Unknown Source) qm_1 | Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get destination. qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationServiceAdapter.getDestinationConfigurationAsJson(ScpCfDestinationServiceAdapter.java:269) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoader.getDestinationConfigurationFromDestinationService(ScpCfDestinationLoader.java:263) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoader.getDestinationConfigurationByTenant(ScpCfDestinationLoader.java:203) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoader.getDestinationConfigurationByRetrievalStrategy(ScpCfDestinationLoader.java:160) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoader.loadAndParseDestination(ScpCfDestinationLoader.java:138) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoader.lambda$null$0(ScpCfDestinationLoader.java:119) qm_1 | at com.sap.cloud.sdk.cloudplatform.cache.CacheUtil.lambda$wrapCallableAsFunction$0(CacheUtil.java:42) qm_1 | ... 112 common frames omitted qm_1 | Caused by: com.sap.cloud.sdk.cloudplatform.resilience.ResilienceRuntimeException: com.sap.cloud.sdk.cloudplatform.thread.exception.ThreadContextExecutionException: com.sap.cloud.sdk.cloudplatform.security.exception.TokenRequestFailedException: Failed to resolve access token. qm_1 | at com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$null$3(Resilience4jDecorationStrategy.java:233) qm_1 | at io.vavr.control.Try.onFailure(Try.java:659) qm_1 | at com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$decorateCallable$4(Resilience4jDecorationStrategy.java:232) qm_1 | at com.sap.cloud.sdk.cloudplatform.resilience.ResilienceDecorationStrategy.executeCallable(ResilienceDecorationStrategy.java:261) qm_1 | at com.sap.cloud.sdk.cloudplatform.resilience.ResilienceDecorator.executeCallable(ResilienceDecorator.java:250) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationServiceAdapter.getDestinationConfigurationAsJson(ScpCfDestinationServiceAdapter.java:256) qm_1 | ... 118 common frames omitted qm_1 | Caused by: com.sap.cloud.sdk.cloudplatform.thread.exception.ThreadContextExecutionException: com.sap.cloud.sdk.cloudplatform.security.exception.TokenRequestFailedException: Failed to resolve access token. qm_1 | at com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.execute(AbstractThreadContextExecutor.java:299) qm_1 | at com.sap.cloud.sdk.frameworks.resilience4j.DefaultThreadContextProvider.lambda$decorateCallable$0(DefaultThreadContextProvider.java:26) qm_1 | at java.base/java.util.concurrent.FutureTask.run(Unknown Source) qm_1 | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) qm_1 | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) qm_1 | ... 1 common frames omitted qm_1 | Caused by: com.sap.cloud.sdk.cloudplatform.security.exception.TokenRequestFailedException: Failed to resolve access token. qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.XsuaaService.lambda$retrieveAccessTokenViaClientCredentialsGrant$2(XsuaaService.java:92) qm_1 | at io.vavr.control.Try.getOrElseThrow(Try.java:748) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.XsuaaService.retrieveAccessTokenViaClientCredentialsGrant(XsuaaService.java:91) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationServiceAdapter.getAccessTokenForDestinationService(ScpCfDestinationServiceAdapter.java:288) qm_1 | at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationServiceAdapter.lambda$getDestinationConfigurationAsJson$0(ScpCfDestinationServiceAdapter.java:258) qm_1 | at com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$decorateCallable$2(Resilience4jDecorationStrategy.java:212) qm_1 | at com.sap.cloud.sdk.cloudplatform.security.SecurityContextThreadContextDecorator.lambda$decorateCallable$2(SecurityContextThreadContextDecorator.java:51) qm_1 | at com.sap.cloud.sdk.cloudplatform.thread.ThreadContextCallable.call(ThreadContextCallable.java:225) qm_1 | at com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.execute(AbstractThreadContextExecutor.java:293) qm_1 | ... 5 common frames omitted qm_1 | Caused by: com.sap.cloud.security.xsuaa.tokenflows.TokenFlowException: Error requesting technical user token with grant_type 'client_credentials': Error retrieving JWT token. Server URI https://***.authentication.sap.hana.ondemand.com/oauth/token. Http status code 401. Response body '{"error":"unauthorized","error_description":"Bad credentials"}' qm_1 | at com.sap.cloud.security.xsuaa.tokenflows.ClientCredentialsTokenFlow.requestTechnicalUserToken(ClientCredentialsTokenFlow.java:188) qm_1 | at com.sap.cloud.security.xsuaa.tokenflows.ClientCredentialsTokenFlow.execute(ClientCredentialsTokenFlow.java:141) qm_1 | at io.vavr.control.Try.of(Try.java:75) qm_1 | ... 12 common frames omitted qm_1 | Caused by: com.sap.cloud.security.xsuaa.client.OAuth2ServiceException: Error retrieving JWT token. Server URI https://****.authentication.sap.hana.ondemand.com/oauth/token. Http status code 401. Response body '{"error":"unauthorized","error_description":"Bad credentials"}' qm_1 | at com.sap.cloud.security.xsuaa.client.OAuth2ServiceException$Builder.build(OAuth2ServiceException.java:107) qm_1 | at com.sap.cloud.security.xsuaa.client.DefaultOAuth2TokenService.executeRequest(DefaultOAuth2TokenService.java:98) qm_1 | at com.sap.cloud.security.xsuaa.client.DefaultOAuth2TokenService.requestAccessToken(DefaultOAuth2TokenService.java:80) qm_1 | at com.sap.cloud.security.xsuaa.client.AbstractOAuth2TokenService.getAndCacheToken(AbstractOAuth2TokenService.java:305) qm_1 | at com.sap.cloud.security.xsuaa.client.AbstractOAuth2TokenService.getOrRequestAccessToken(AbstractOAuth2TokenService.java:263) qm_1 | at com.sap.cloud.security.xsuaa.client.AbstractOAuth2TokenService.getOAuth2TokenResponse(AbstractOAuth2TokenService.java:252) qm_1 | at com.sap.cloud.security.xsuaa.client.AbstractOAuth2TokenService.retrieveAccessTokenViaClientCredentialsGrant(AbstractOAuth2TokenService.java:112) qm_1 | at com.sap.cloud.security.xsuaa.tokenflows.ClientCredentialsTokenFlow.requestTechnicalUserToken(ClientCredentialsTokenFlow.java:183) qm_1 | ... 14 common frames omitted

I debug into cloud sdk: It seems that when forming a post request, the 'Authorization' header will not be added.

HttpHeaders headers = HttpHeadersFactory.createWithoutAuthorizationHeader().withHeader(HttpHeaders.X_ZID,
            zoneId);

    if (isCacheDisabled() || disableCacheForRequest) {
        return requestAccessToken(tokenEndpoint, headers, parameters);
    }

Don't know why Authorization header will not be added. But this is the reason that I fail to get a token! Or is there any configuration I missed?

Hope someone can help me with this issue. Thanks.

CharlotteHu111
  • 1
  • 2
  • I'm from the [SAP Cloud SDK](https://sap.github.io/cloud-sdk/) team and I feel like some context is missing here: Please share the stack-trace and/or error messages that were logged. Which version of _Cloud SDK_ are you using? You are pointing at source-code of another library `com.sap.cloud.security.xsuaa:token-client`, I'm not sure where exactly in the library stack this code is called. What's the destination authentication type? [According to specification](https://docs.cloudfoundry.org/api/uaa/version/75.5.0/index.html#jwt-bearer-token-grant) the "Authorization" header is not necessary. – Alexander Dümont Dec 20 '21 at 17:03
  • Hi, I have updated the stack-trace. the cloud sdk I used is 3.59.0. Destination type is 'HTTP'. You can see that the error message shows that the credential is 'BAD', However, it gets 'client id' and client secret and auth url. Don't know why it is bad... – CharlotteHu111 Dec 21 '21 at 08:48
  • Please confirm/deny the following assumptions: **(1)** When using `ScpCfDestinationRetrievalStrategy.ALWAYS_PROVIDER` it works. **(2)** You are using a Spring application, there's an Application class and have not added [the required annotations `@ComponentScan` and `@ServletComponentScan`](https://sap.github.io/cloud-sdk/docs/java/guides/cap-sdk-integration#enable-the-component-scan-for-sap-cloud-sdk-package). **(3)** You are not using an "_approuter_" to manage user login / access tokens. – Alexander Dümont Dec 21 '21 at 09:18
  • Here are the answers: 1) ALWAYS_PROVIDER doesn't work, it gets the same error. 2) just now I added the ComponentScan and ServletComponentScan to the class which calls 'getdestinations', also the same error. 3) I run the app in local docker image. there is no "approuter" to manage tokens. – CharlotteHu111 Dec 21 '21 at 09:29
  • **(1+3)** I assume with your application setup you can only use `ALWAYS_PROVIDER` anyway. **(2)** With the new annotations is there a `RequestAccessorFilter` in the stack-trace? **(4)** Is it possible for you to re-create the XSUAA service binding (maybe with plan `application`)? If yes, does it change the outcome of the issue? I think it has something to do with the _zoneId_ which is not yet correctly evaluated in your scenario. This could be due to an outdated configuration. – Alexander Dümont Dec 21 '21 at 12:36
  • For(2), No RequestAccessorFilter shows in stack-trace. for (4), No , I can't change xsuaa to application plan as we are using a broker plan already. Our app is deployed in Kubernetes not BTP and there is no VCAP_SERVICES. I copied a VCAP_SERVICE from an app which is binded with our xsuaa and destination services in BTP platform, and used it in local docker. otherwise I can't used cloud sdk to get destinations. I checked Zoneid, it is the same with destination VCAP_SERVICES's zoneid. Our main purpose is get our service subscribers' destinations and send messages to them. – CharlotteHu111 Dec 21 '21 at 13:39
  • Let's deal with _SUBSCRIBER_ use-case later on (including missing `RequestAccessorFilter` invocation). For now we should focus on enabling the _PROVIDER_ use-case: Have you already checked whether the manual request to XSUAA works [as described below](https://stackoverflow.com/a/70435894/9350514)? – Alexander Dümont Dec 21 '21 at 16:06

1 Answers1

0

Please use the "credentials" from the "destination" service binding JSON to run the REST request yourself manually, in order to make sure the binding data is still valid:

Run POST [credentials.url]/oauth/token with Content-Type: application/x-www-form-urlencoded using the following form values:

grant_type: client_credentials
client_id: [credentials.clientid]
client_secret: [credentials.clientsecret]

When successful, you'll receive a 200 response with Content-Type: application/json containing an access_token field.

When not successful, please unbind/rebind the service. The values may have become outdated. Repeat test procedure.

Alexander Dümont
  • 903
  • 1
  • 5
  • 9
  • Hi, yes, we can get the access_token through POST [credentials.url]/oauth/token, with clientid, client secret. We get access_token successfully, without Authorization Header. We can also use the access_token to visit destination service url to get destinations: https://destination-configuration.cfapps.sap.hana.ondemand.com/destination-configuration/v1/... – CharlotteHu111 Dec 22 '21 at 03:19
  • Hi, I finally get why it can't get the accesstoken. It get the correct token url and client id. but client secret is incorrect! It gets only part of client secret. The correct secret is 'fc599875-97da-4861-a143-ab207643b555$ZTZGe2qzdHVG4DB3mRsh3TDRz...', However, it gets only front of the the clientsecret as "fc599875-97da-4861-a143-ab207643b555=" So the credential is bad... – CharlotteHu111 Dec 22 '21 at 06:57
  • Do I understand correctly, the problem is already resolved? Or are you reporting a bug in _SAP Cloud SDK_ in which it doesn't properly parse the VCAP_SERVICE variable? – Alexander Dümont Dec 22 '21 at 09:17
  • It is not solved as client secret is not obtained successfully. I think I should report a bug in SAP CLOUD SDK... – CharlotteHu111 Dec 22 '21 at 09:30