
How to Establish Python Connection with HANA using OAUTH/JWT

Posted on 2021-05-11 23:14:28

We are currently using basic authentication in our Python connectors to SAP HANA. In our current connection string, we use SQLAlchemy and it looks something like this:

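import base64
from flask import current_app, request
from sqlalchemy import create_engine

def get_engine(host_name):
    # Credentials come from the JSON request body; the password is base64-encoded
    return create_engine('hana://{user}:{password}@{host_name}:{port}/HUP'.format(
        user=request.json['username'],
        password=base64.b64decode(bytes(request.json['password'], encoding='utf-8')).decode('utf-8'),
        host_name=host_name,
        port=current_app.config['HANA_PORT']
    ))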

We now need to transition into using HANA OAuth so it's no longer necessary to input the username and password into the connection string. Ideally, there should be a way to input the JWT into the connection details. I can't find much in the way of resources online that really illustrate how to create a Python-based connector with HANA that uses OAuth. Any help here would be greatly appreciated.

Questioner: Riley Hun
Transformer 2021-05-26 15:21:40

I set it up like so..

Using the library below, you will need to pass those attributes from the Identity Provider (IdP) to the database. Your JSON config via xs-security will allow for scope of permissions.

  1. First, download the Python sap_xssec library. It should allow you to get at the attributes of the JWT token.

  2. Second, set up your service and security

# Import these libraries after downloading them
from sap import xssec
from cfenv import AppEnv

# Get your environment
myEnv = AppEnv()
# Get your UAA service credentials
myService = myEnv.get_service(name='<uaa_service_name>').credentials
# access_token is the JWT for the current request and must be supplied by the caller
# Now create the security context from your JWT access token
contextWithAccessToken = xssec.create_security_context(access_token, myService)

Next configure your xs-security file

Example xs-security.json File
{
  "xsappname" : "node-hello-world", 
  "scopes"     : [ { 
                    "name" : "$XSAPPNAME.Display", 
                    "description" : "display" }, 
                   { 
                    "name" : "$XSAPPNAME.Edit", 
                    "description" : "edit" }, 
                   { 
                    "name" : "$XSAPPNAME.Delete", 
                    "description" : "delete"  } 
                 ], 
  "attributes" : [ { 
                    "name" : "Country", 
                    "description" : "Country", 
                    "valueType" : "string" }, 
                   {
                    "name" : "CostCenter", 
                    "description" : "CostCenter", 
                    "valueType" : "int" } 
                 ], 
  "role-templates": [ { 
                       "name"                : "Viewer", 
                       "description"         : "View all books", 
                       "scope-references"    : [ 
                                               "$XSAPPNAME.Display" ], 
                       "attribute-references": [ "Country" ]  
                      }, 
                      {
                       "name"                : "Editor", 
                       "description"         : "Edit, delete books", 
                       "scope-references"    : [ 
                                               "$XSAPPNAME.Edit", 
                                               "$XSAPPNAME.Delete" ], 
                       "attribute-references" : [ 
                                                "Country", 
                                                "CostCenter"] 
                      } 
                     ] 
}

// Get the user values ready for your env. XS_APPLICATIONUSER or $env.user.value

  1. Set up your @sap/hana-client call with connection.session.XS_APPLICATIONUSER = <JWT TOKEN>;

  2. Don't forget to set up the sap-jwt/py-jwt library for validation of the JWT token

Just set

USE_SAP_PY_JWT = true

You are done!
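
As an added example (not part of the answer above and not SAP's code): a standard-library check of the xs-security.json structure shown in the answer, reporting role templates that reference undeclared scopes or attributes and listing which role templates a given set of token scopes covers. The `Auditor` role, the `app_id` parameter and the function names are constructed for illustration, and it assumes scopes are compared after replacing `$XSAPPNAME` with `app_id`.

```python
import json

# Constructed sample mirroring the answer's xs-security.json, plus one deliberate
# mistake: the made-up "Auditor" role references a scope that is never declared.
SAMPLE = json.loads("""
{
  "xsappname": "node-hello-world",
  "scopes": [{"name": "$XSAPPNAME.Display"}, {"name": "$XSAPPNAME.Edit"},
             {"name": "$XSAPPNAME.Delete"}],
  "attributes": [{"name": "Country"}, {"name": "CostCenter"}],
  "role-templates": [
    {"name": "Viewer", "scope-references": ["$XSAPPNAME.Display"],
     "attribute-references": ["Country"]},
    {"name": "Editor", "scope-references": ["$XSAPPNAME.Edit", "$XSAPPNAME.Delete"],
     "attribute-references": ["Country", "CostCenter"]},
    {"name": "Auditor", "scope-references": ["$XSAPPNAME.Audit"],
     "attribute-references": []}
  ]
}
""")


def lint_xs_security(cfg):
    """Return (role, kind, name) for each reference to an undeclared scope or attribute."""
    declared = {
        "scope": {s["name"] for s in cfg.get("scopes", [])},
        "attribute": {a["name"] for a in cfg.get("attributes", [])},
    }
    problems = []
    for role in cfg.get("role-templates", []):
        for kind in ("scope", "attribute"):
            for ref in role.get(kind + "-references", []):
                if ref not in declared[kind]:
                    problems.append((role["name"], kind, ref))
    return problems


def roles_covered(cfg, granted_scopes, app_id):
    """Role templates whose scopes are all present in granted_scopes.

    app_id replaces $XSAPPNAME (assumption: the caller knows the expanded app id).
    """
    granted = set(granted_scopes)
    covered = []
    for role in cfg.get("role-templates", []):
        needed = {r.replace("$XSAPPNAME", app_id) for r in role.get("scope-references", [])}
        if needed and needed <= granted:  # a role with no scopes never matches
            covered.append(role["name"])
    return covered
```

Running the lint before deploying the security descriptor catches role templates that would silently grant nothing, or that drift from the declared scope list.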