1/20/2024 0 Comments Node js base64The “Request Reply” step is configured with the “Credentials” artifact created before.Īfter calling the REST API endpoint, we get the info of the desired “Destination Configuration” in the response body. In CPI, we upload the credentials of the Destination Service in a “Security Materials” artifact.ĬPI is then able to fetch a token for Destination Service.įrom an iFlow, we use a “Request Reply” step to call the REST API endpoint of Destination Service. That can be done with the help of CPI ”Credentials” artifact. The JWT token, required for calling the REST API, can be fetched with “client credentials”. The Destination Service REST API itself is protected with OAuth by an internal instance of xsuaa. In that case, it can be done manually, see this blog post(chapter 1 and 2) ![]() We get the credentials for the API in the binding or service key of a service instance of Destination Service.īecause for calling the REST API, normal client-credentials flow can be used, so we can leverage the capabilities of CPI. The Destination Service provides a REST API, such that we can programmatically ask the Destination Service to fetch a JWT token for us. So I’ve thought of using the Destination Service in SAP BTP.īut how can we use BTP-services from iFlow? We need to manually fetch a JWT token which is then sent to the target application. The chain is required because a certificate must proof that is is signed by a trustworthy authority (CA). The private key is required to prove the validity of the certificate. To be more concrete, we get the certificate chain plus the corresponding private key. Instead of a secret we get the certificate. In case of mTLS, we send client-id and client-certificate.Īs usual, we get the credentials in the binding (or service key). Usually we send client-id and client-secret (user / password) We as an OAuth client fire a request to the authorization server in order to fetch a JWT token. See more detailed explanations in this cool blog post. This means that not only the server, but also the client have to present a certificate to guarantee trustworthiness. It stands for “mutual Transport Layer Security”. The target application is now switching to mTLS.ĭon’t worry, it’s not that scary, just requires some helpful blog post We only need to get the credentials of the token service and upload to CPI This is not a problem, as CPI provides support for automatically fetching a JWT token when sending a request. The target application is protected with OAuth 2.0 which means that it requires a valid JWT token. We have a scenario where we want to call a target application from our iFlow (Outbound via HTTP Receiver adapter). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |