Add Node.js part to Outbound Authentication #2596
PDT42
left a comment
Perhaps this guide should use the Java / Node.js switch, if that is still a thing? The examples and required steps seem pretty disconnected.
It's not a thing anymore. But code groups that have Java/Node are now remembered by selection without the toggle.
PDT42
left a comment
I am still having trouble with the structure: I think intermixing the Java and Node.js guides like this doesn't provide much benefit and is at least a bit confusing ... However, the documented process (without trying to go through it myself) makes sense to me.
| @@ -105,36 +105,73 @@ cds: | |||
| options: | |||
| url: https://<xflights-srv-cert url> | |||
| ``` | |||
| ```json [Node.js: package.json] | |||
| { | |||
| "cds": { | |||
| "requires": { | |||
| "sap.capire.flights.data": { | |||
| "kind": "hcql", | |||
| "[production]": { | |||
| "credentials": { | |||
| "url": "https://<xflights-srv-cert url>/hcql/data", | |||
| "forwardAuthToken": true | |||
| } | |||
| } | |||
| } | |||
| } | |||
| } | |||
| } | |||
| ``` | |||
| ::: | |||
|
|
|||
| ::: details Java configuration explained | |||
|
|
|||
| The `type` property activates the protocol for exchanging business data and must be offered by the provider [CDS service](https://github.com/capire/xflights-java/blob/6fc7c665c63bb6d73e28c11b391b1ba965b8772c/srv/data-service.cds#L24). | |||
| The `model` property needs to match the fully qualified name of the CDS service from the imported model. | |||
| You can find CDS service definition of `sap.capire.flights.data` in file `target/cds/capire/xflight-data/service.cds` resolved during CDS build step. | |||
| The `binding.name` needs to point to the shared identity instance and `options.url` together with `http.suffix` provides the required location of the remote service endpoint. | |||
| Finally, `onBehalfOf: systemUser` specifies that the remote call is invoked on behalf of a technical user in context of the tenant. | |||
|
|
|||
| ::: tip | |||
| On behalf of `systemUser` works both in pure single tenant and in pure multitenant scenarios. | |||
| On behalf of `systemUser` (Java) works both in pure single tenant and in pure multitenant scenarios. | |||
| If you are consuming a single tenant service from within a multitenant application choose on behalf of `systemUserProvider`. | |||
|
|
|||
| ::: | |||
|
|
|||
| ::: details Node.js configuration explained | |||
|
|
|||
| The configuration follows the standard pattern for [required services](../integration/reuse-and-compose#configuring-required-services) with [service bindings](../integration/reuse-and-compose#binding-required-services). | |||
|
|
|||
| For co-located services sharing the same identity instance, `forwardAuthToken: true` forwards the incoming JWT directly to the provider - no token exchange needed since the token is already valid. Unlike Java's `onBehalfOf` option, no additional configuration is required as the original user context is preserved in the forwarded token. | |||
|
|
|||
| ::: | |||
|
|
|||
|
|
|||
|
|
|||
| Now you are ready to deploy the application with | |||
|
|
|||
| ```sh | |||
| cd ./xtravels_java | |||
| ::: code-group | |||
| ```sh [Java] | |||
| cd ./xtravels-java | |||
| cds up | |||
| ``` | |||
|
|
|||
| ```sh [Node.js] | |||
| cd ./xtravels | |||
| cds up | |||
| ``` | |||
| ::: | |||
|
|
|||
| ❗Note that CF application `xtravels-srv` will not start successfully as long as `xflights` is not deployed yet (step 3). | |||
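Review bot: In the "Node.js configuration explained" block, the text says `forwardAuthToken: true` preserves the original user context, while the Java block calls on behalf of `systemUser`, a technical user, so the two tabs send different principals to the provider. The guide should say this explicitly, because provider-side authorization sees a named user in one case and a technical user in the other. It would also help to explain `kind: hcql` and the `/hcql/data` path in the Node.js URL the way the Java block walks through `type`, `model`, `binding.name`, `options.url` and `http.suffix`, and to state what happens for calls that have no incoming JWT to forward.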
We could/should do that throughout the document. I think this makes a nicer flow
I just included it in my changes. Please have a look if you have any objections against one/some of my edits.
| ::: code-group | ||
| ```sh [Java] | ||
| cd ./xtravels_java | ||
| cd ./xtravels-java | ||
| cds up | ||
| ``` | ||
|
|
||
| ```sh [Node.js] | ||
| cd ./xtravels | ||
| cds up | ||
| ``` | ||
| ::: |
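Review bot: Both tabs `cd` with a relative path (`./xtravels-java`, `./xtravels`), so the commands only work from the directory the earlier steps left the reader in. Naming that directory in the sentence above the code group would avoid a failed `cds up`. Since this hunk changes `xtravels_java` to `xtravels-java`, the remaining occurrences of the directory name in the guide should be checked for the same spelling.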
What's the result of this? If we state this, I think it's clearer what we talk about in the rest of the document:
- xtravels-srv server
- xtravels-ias service instance
- xtravels-db service instance?
- more?
| @@ -90,6 +87,7 @@ | |||
|
|
|||
| As client, `xtravels-srv` first needs a valid configuration for the remote service `sap.capire.flights.data`: | |||
I'd argue that this cannot be called xtravels-srv yet. We should only use it when it is important to differentiate between xtravels and the deployed server.
…y, and improve authorization instructions

No description provided.