SAP CAP get CF Role collections of user


I'm trying to fetch the role collections assigned to my user in CAP (NodeJS). I've assigned my user to one role collection, but it does not get reflected upon testing (BAS). I've attached my configuration and the statement I use to fetch the role collections. Any clues what I'm missing?

xs-security.json

{
    "xsappname": "test-cap",
    "tenant-mode": "dedicated",
    "description": "Security profile of called application",
    "scopes": [
        {
            "name": "uaa.user",
            "description": "UAA"
        },
        {
            "name": "$XSAPPNAME.Admin",
            "description": "Admin"
        }
    ],
    "role-templates": [
        {
            "name": "Token_Exchange",
            "description": "UAA",
            "scope-references": [
                "uaa.user"
            ]
        },
        {
            "name": "Admin",
            "description": "Admin Role",
            "scope-references": [
                "$XSAPPNAME.Admin"
            ]
        }
    ],
    "role-collections": [
        {
            "name": "Admin",
            "description": "Admin",
            "role-template-references": [
                "$XSAPPNAME.Admin"
            ]
        }
    ],
    "oauth2-configuration": {
        "redirect-uris": [
            "https://*.applicationstudio.cloud.sap/**"
        ]
    }
}

package.json

  "cds": {
    "build": {
      "target": "."
    },
    "requires": {
      "uaa": {
        "kind": "xsuaa"
      },
      "db": {
        "kind": "hana"
      }
    },
    "hana": {
      "deploy-format": "hdbtable"
    }
  }
}

mta.yaml

mta.yaml service

mta.yaml xsuaa

Output of console.log(req.user)

{
    "id": "[email protected]",
    "_roles": {
        "any": 1,
        "identified-user": 1,
        "authenticated-user": 1
    },
    "attr": {},
    "tenant": null
}

There are 1 best solutions below


As far as I know, the roles are stored in the JWT token, not in the CDS user object itself. The user object itself only "stores" the pseudo-roles (see here: https://cap.cloud.sap/docs/guides/authorization#roles).

However, you can check for specific roles using the req.user.is(<rolename>) method (see: https://cap.cloud.sap/docs/node.js/authentication#enforcement).
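
To see what the answer describes, the following added example (not from the original post or from CAP itself) decodes a constructed XSUAA-style token payload and lists the application roles and role collections it carries. The xsappname suffix, the sample claims and the `xs.system.attributes` / `xs.rolecollections` layout are assumptions; the signature is not verified, so this is for inspection only.

```javascript
// Added illustration; names and token values below are constructed, not taken from CAP.
// Inspection aid only: the signature is NOT verified here, so never base an
// authorization decision on this output. In handlers, use req.user.is('Admin').
const XSAPPNAME = 'test-cap!t0000'; // constructed; the real value is in the xsuaa binding

const toB64Url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed sample token (assumed XSUAA claim layout).
const SAMPLE_JWT = [
  toB64Url({ alg: 'RS256', typ: 'JWT' }),
  toB64Url({
    user_name: 'user@example.com',
    scope: ['openid', 'uaa.user', `${XSAPPNAME}.Admin`],
    'xs.system.attributes': { 'xs.rolecollections': ['Admin'] },
  }),
  'c2lnbmF0dXJl', // placeholder signature, never checked here
].join('.');

// Decode the payload segment of a compact JWT (optionally prefixed with "Bearer ").
function decodePayload(jwt) {
  const parts = String(jwt).replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Application roles: scopes carrying the xsappname prefix, with the prefix removed.
function rolesFromScopes(payload, xsappname) {
  const prefix = `${xsappname}.`;
  return (Array.isArray(payload.scope) ? payload.scope : [])
    .filter((s) => s.startsWith(prefix))
    .map((s) => s.slice(prefix.length));
}

// Role collections, if the token carries them (absent claim -> empty list).
function roleCollections(payload) {
  const sys = payload['xs.system.attributes'] || {};
  return Array.isArray(sys['xs.rolecollections']) ? sys['xs.rolecollections'] : [];
}

const payload = decodePayload(`Bearer ${SAMPLE_JWT}`);
console.log('roles:', rolesFromScopes(payload, XSAPPNAME));
console.log('role collections:', roleCollections(payload));
```

An empty result from both functions on a real token means the scope was never granted to the user, which is a different situation from the token not being presented to the service at all.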