cloud-sdk-js icon indicating copy to clipboard operation
cloud-sdk-js copied to clipboard
verified publisher icon SAP

HIGH - getDestination throws error after broker request

Open maxpfab opened this issue 10 months ago • 3 comments

Describe the Bug

Hello Experts,

We currently have a problem with a call to a second CAP service which then calls an external service. Our approach is as follows:

CAP APP 1 updates an Entity via API Endpoint on CAP APP 2 via Service Broker(Destination Auth: OAuth2ClientCredentials with Broker Key Details.).

After the update of the ENTITY in CAP APP 2, the service handler will directly perform a REST Call to the integration suite. So CAP APP 2 also calls the destination service via the Service Broker Auth token. This Call returns then:

"2025-02-14T13:05:01.382+0000 [APP/PROC/WEB/0] STDOUT {"custom_fields":{"messageContext":"environment-accessor", "package":"connectivity"},"level":"warn","logger":"sap-cloud-sdk-logger","message": "Found no service binding for service 'xsuaa' matching either the token's client id or audience.","msg": "Found no service binding for service 'xsuaa' matching either the token's client id or audience.", "timestamp":"2025-02-14T13:05:01.382Z","written_at":"2025-02-14T13:05:01.382Z","written_ts":1739538301382}" ..... "Failed to load destination. Caused by: Could not find XSUAA service binding matching the token.","request":{"method":"POST","url":"","headers":{"accept":"application/json,text/plain", "accept-language":"de","content-type":"application/json","content-length":220,"x-correlation-"..... "["Error: Error during request to remote service: Failed to load destination.","at run (/home/vcap/deps/0/node_modules/@sap/cds/libx/_runtime/remote/utils/client.js:234:31)", "at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","at async RemoteService.on_handler (/home/vcap/deps/0/node_modules/@sap/cds/libx/_runtime/remote/Service.js:265:20)","at async next (/home/vcap/deps/0/node_modules/@sap/cds/lib/srv/srv-dispatch.js:68:17)","at async RemoteService.handle (/home/vcap/deps/0/node_modules/@sap/cds/lib/srv/srv-dispatch.js:66:10)","at async PublicApiDataLayer.onMaintenanceOrderUpdate (/home/vcap/app/srv/publicapidatalayer/publicapidatalayer.js:516:38)","at async next (/home/vcap/deps/0/node_modules/@sap/cds/lib/srv/srv-dispatch.js:68:17)","at async PublicApiDataLayer.handle (/home/vcap/deps/0/node_modules/@sap/cds/lib/srv/srv-dispatch.js:66:10)","at async PublicApiDataLayer.handle (/home/vcap/deps/0/node_modules/@sap/cds/libx/_runtime/common/Service.js:106:16)", "at async /home/vcap/deps/0/node_modules/@sap/cds/libx/_runtime/cds-services/adapter/odata-v4/handlers/action.js:53:16"], "statusCode":502,"reason":{"message":"Error during request to remote service: Failed to load destination. Caused by: Could not find XSUAA service binding matching the token.","request":{"method":"POST","url":"","headers": {"accept":"application/json,text/plain","accept-language":"de","content-type":"application/json","content-length":220,"x-correlation-"

Steps to Reproduce

  1. Work on UI In CAP APP 1 (Production Plan)
  2. Send Update due Property update from CAP APP 1 -> CAP APP 2 (Datalayer)
  3. Perfrom update and send the update inside of the handler via REST CALL to the integration suite

Expected Behavior

CAP APP 2 should be able to call the destinations from the Subaccount also with Service Broker Auth Token.

Screenshots

No response

Used Versions

  • Node version v20.16.0

  • NPM version via 10.8.1

  • SAP Cloud SDK version:

  • "@sap-cloud-sdk/connectivity": "^3.26.0", "@sap-cloud-sdk/core": "^1.54.2", "@sap-cloud-sdk/http-client": "^3.26.1",

  • For CAP users, CAP version: @sap/cds: 7.9.5 @sap/cds-common-content: 2.1.0 @sap/cds-compiler: 4.9.8 @sap/cds-dk: 7.9.9 @sap/cds-dk (global): 8.4.1 @sap/cds-fiori: 1.4.0 @sap/cds-foss: 5.0.1 @sap/cds-hana: 2.0.0 @sap/eslint-plugin-cds: 3.1.2

Code Examples

const connCPIS4 = await cds.connect.to("<CpiS4API_DESTINATION>");
await connCPIS4.post("/UpdateOrder", {
      "order" : "abc",
      "status": "done",
      "quantity": 23,
      ...
    });

Log File

kronesdigitaldatalayer-srv-2025-02-14 13_06_26.507+0000.txt

Affected Development Phase

Development

Impact

Blocked

Timeline

We wanted to put the service live at the beginning of April.

Additional Context

No response

maxpfab avatar Apr 02 '25 10:04 maxpfab

Hi @maxpfab ,

Sorry but I am a bit confused here. Please correct me if I am wrong:

  • CAP APP 1 calls CAP APP 2 uses a Destination registered in Destination service (or maybe this step has nothing to do with the Destination service?)
    • And it works.
  • CAP APP 2 then calls a remote REST endpoint also uses a Destination registered in Destination service
    • And this fails.

I suppose that the error message Found no service binding for service 'xsuaa' matching... comes from CAP APP 2 right? In this case, have you bound an XSUAA service instance to CAP APP 2? Because SDK (or to be more specific the Destination service) relies on an XSUAA instance to verify the token.

Also, are you using XSUAA or IAS?

ZhongpinWang avatar Apr 14 '25 13:04 ZhongpinWang

Hi @ZhongpinWang,

Yes in step one, CAP APP 1 is calling the CAP APP 2 with a Destination which has a Broker Instance bound as authorization from CAP APP 2.

And in step two the CAP APP 2 is trying to call the Destination also from the Destination service with the Broker token and then it is not able to retrieve the Destination info. However, the broker is setup with the XUSAA from CAP APP 2.

Also for the Destination no forwardToken is not configured inside of the CAP APP 1 to CAP APP 2 call.

Currently we are navigating an UI call from CAP APP 1 with a custom IAS to CAP APP 2 with the broker.

maxpfab avatar Apr 15 '25 06:04 maxpfab

#5866

jjtang1985 avatar Jun 24 '25 07:06 jjtang1985

Finished the problem in the request https://github.com/SAP/cloud-sdk-js/issues/5866. With the newest sdk version it is now working.

maxpfab avatar Aug 27 '25 11:08 maxpfab