Hello,
We are using SDM plugin version 1.9.0 with IAS (Identity Authentication Service) for user authentication. File upload fails during the content upload step with a token exchange error.
Error
com.sap.cloud.security.xsuaa.client.OAuth2ServiceException: Error requesting access token!
Http status code: 401
Response body: {
"error": "invalid_token",
"error_description": "Some parties were not in the token audience: 6d1db9be-1867-4755-9622-ef3461821294"
}
Stack trace shows the error occurs in:
at com.sap.cds.sdm.service.SDMServiceImpl.getFolderIdByPath(SDMServiceImpl.java:518)
at com.sap.cds.sdm.service.handler.SDMAttachmentsServiceHandler.createDocumentInSDM(SDMAttachmentsServiceHandle
r.java:422)
Reproduction
- App uses IAS for user authentication (
/bindings/auth label: identity)
- SDM service binding at
/bindings/sdm (XSUAA-based)
- Upload file via OData:
PUT /Entity_attachments(...)/content
- SDM plugin attempts to exchange IAS token for XSUAA token → fails with 401
Question
Is IAS + SDM officially supported? If yes, what is the recommended configuration?
The SDM plugin seems to attempt user token exchange (named user flow) which fails because IAS tokens cannot be
exchanged for XSUAA tokens.
Hello,
We are using SDM plugin version 1.9.0 with IAS (Identity Authentication Service) for user authentication. File upload fails during the content upload step with a token exchange error.
Error
com.sap.cloud.security.xsuaa.client.OAuth2ServiceException: Error requesting access token!
Http status code: 401
Response body: {
"error": "invalid_token",
"error_description": "Some parties were not in the token audience: 6d1db9be-1867-4755-9622-ef3461821294"
}
Stack trace shows the error occurs in:
at com.sap.cds.sdm.service.SDMServiceImpl.getFolderIdByPath(SDMServiceImpl.java:518)
at com.sap.cds.sdm.service.handler.SDMAttachmentsServiceHandler.createDocumentInSDM(SDMAttachmentsServiceHandle
r.java:422)
Reproduction
/bindings/authlabel:identity)/bindings/sdm(XSUAA-based)PUT /Entity_attachments(...)/contentQuestion
Is IAS + SDM officially supported? If yes, what is the recommended configuration?
The SDM plugin seems to attempt user token exchange (named user flow) which fails because IAS tokens cannot be
exchanged for XSUAA tokens.