Exercise: Implementing authentication and authorization in TypeScript NestJS application

Objective

After completing this lesson, you will be able to implementing authentication and authorization in TypeScript NestJS application

Implementing authentication and authorization in TypeScript NestJS application

Description

In this exercise, you will learn how to implement authentication and authorization in TypeScript NestJS application deployed in SAP BTP. In addition, we will also test the authentication and authorization mechanism.

Prerequisites

For the complete execution of current exercise, you must execute the following activities first:

  1. Execute the following exercises:
    • Creating your free trial account in SAP BTP
    • Complete the exercise Deploying TypeScript NestJS application to SAP BTP
    • Complete the exercise Activating the APIs in SAP S/4HANA Cloud

Task 1: Implementing authentication and authorization in TypeScript NestJS application

In this exercise, you will learn how to implement authentication and authorization in TypeScript NestJS application deployed in SAP BTP.

Steps

  1. Checkout the branch tsnestjs_v5.0_jwt in SAP Business Application Studio

    1. Open SAP Business Application Studio.

    2. Choose FileOpen Folder... and open projects/cloud-sdk-learning-journey.

    3. Run the following commands in the terminal.

      Code Snippet
      12
      cd ~/projects/cloud-sdk-learning-journey
git checkout -f tsnestjs_v5.0_jwt
      Screenshot of the SAP Business Application Studio, while executing a git checkout.

  2. Edit the manifest.yml file under approuter folder to point to your backend URL and region

    1. Determine your backend URL and region by navigating to your application in SAP BTP. See figure below. In the image below, your backend URL is https://cloudsdk_bp_ts-active-dingo-cc.cfapps.us10.hana.ondemand.com and the region is us10.

      Screenshot of the SAP BTP Cockpit, showing the view to retrieve the Application URL.

    2. Edit the manifest.yml file under approuter folder with the values obtained above. See image below.

      Screenshot of the SAP Business Application Studio, editing a manifest.yml file.

      At point 4 of the figure, replace the whole url with the url of your running cloudsdk_bp_ts application.

      At point 5 of the figure, replace the last part of the URL, from the regional identifier us10 to the end. Use the corresponding part from the URL of your running approuter application.

  3. Build and push the project to SAP BTP

    1. Build and push the application to SAP BTP by running the following commands in the terminal. Note: You will have to login to your SAP BTP Cloud Foundry account before running the cf commands

      Code Snippet
      123456789
      cd cloudsdk_bp_ts
npm install
cf create-service destination lite mydestination
cf create-service xsuaa application mysecurexsuaa -c xs-security.json
npm run build
cf push
cd ../approuter/
cf push
      Screenshot of the SAP Business Application Studio, executing the previous commands.

      Note

      You will have to login to your SAP BTP Cloud Foundry account before running the cf commands. Since the application depends on xsuaa and destination service, we need to create an instance of these services before deploying the application

    2. Verify that the application is successfully deployed in SAP BTP and the mysecurexsuaa and mydestination services are bound to the application. Remove the myxsuaa service that is bound to the application by clicking on the delete icon

      Screenshot of the SAP BTP Cockpit, showing the service bindings for an application.

    3. Verify that the bpdestination is created at the subaccount. This is a step from the prerequisite exercise. See image below. If not present, make sure to complete the prerequisite exercise.

      Screenshot of the SAP BTP Cockpit, maintaining a destination service.

  4. Query the Business Partner API of SAP S/4HANA Cloud

    1. Find out the URL of the approuter application. After successful completion of the command cf push, the URL is displayed on the screen. Alternatively, you can click on approuter application in SAP BTP to find out the URL

      Screenshot of the SAP Business Application Studio, retrieving the application URL from the terminal.
      Screenshot of the SAP BTP Cockpit, showing where to get the application URL

    2. Open a new tab and browse to https://APPROUTER_URL/service/business-partner, APPROUTER_URL is the URL you copied after executing the cf push command.

    3. Verify that it prompts you to login (OR) logs you in automatically if SSO is enabled

    4. Verify that you receive an authorization failed error saying you don't have the Admin or Viewer role.

      Screenshot of the error message in the web browser.

    5. Assign the TypeScript NestJS SDK Tutorial Admin and TypeScript NestJS SDK Tutorial Viewer role collection to the user at the subaccount level. Please follow the steps in the figure below

      Screenshot of the SAP BTP Cockpit, assigning role collections to users.
      Screenshot of the SAP BTP Cockpit, assigning role collections to users.

    6. Open a new browser window and browse to https://APPROUTER_URL/service/business-partner, APPROUTER_URL is the URL you copied after executing the cf push command

    7. Verify that you are now able to retrieve the business partners

      Webb browser window, showing the running service output.

  5. Optional: Review code in the following source files

    Code walk-through

    File nameComments on code changes
    business-partner.controller.js

    Code logic is as follows...

    1. SAP Cloud SDK provides a convenience feature to extract the JWT from the request object .
    2. If JWT is not available, throw an HttpException saying authentication failed - This way, the only way to access the TypeScript module is through the approuter
    3. If JWT is available, make sure the user has the proper roles to perform the desired action
    requests.httpProvides various HTTP requests that can be submitted to query the Business Partner API
    commands.txtProvides various commands that can be run on the terminal

Task 2: Optional: Testing CRUD functionality with Postman REST client

In this exercise, you will learn how to test CRUD functionality with Postman REST client.

Steps

  1. Deploy the mock server to SAP BTP Cloud Foundry environment

    1. Open SAP Business Application Studio.

    2. Choose FileOpen Folder... and open projects/cloud-s4-sdk-book.

    3. Run the following commands in the terminal.

      Code Snippet
      12
      cd ~/projects/cloud-s4-sdk-book
git checkout mock-server

    4. Edit the manifest.yaml file. Change the value of random-route to true.

    5. Remove the whole routes: section, including the existing route.

    6. Edit the server.js file to enter 8081 for the default port number

    7. Edit the package.json file. Modify the node value to use ^20.9.0. See image.

    8. Run the following command in the terminal

      Code Snippet
      1
      cf push
      Screenshot of a terminal window ececuting cf push.

  2. Edit the bpdestination to point to the mock server URL. We do this because the SAP API Business Hub does not support CUD operations

    1. The bpdestination should already be created if you completed the prerequisite exercise - Implementing authentication and authorization in TypeScript NestJS application. Simply edit the URL property to point to the mock server URL.

      Screenshot of the SAP BTP Cockpit, showing the maintenance of a destination service.

  3. Import the collection in Postman REST client

    1. Download and install the Postman REST client from the following locationhttps://www.postman.com/product/rest-client. We will use the Postman REST client for testing the CRUD operations

    2. Download the collection from

      hereScreenshot of GitHub,

    3. Open Postman REST client and import the downloaded collection

      Screenshot of a learning journey.

  4. Get new access token in order to make the CRUD request

    1. Run the following command in the terminal

      Code Snippet
      1
      cf env cloudsdk_bp_ts

    2. Under the section xsuaa, make note of the clientid, clientsecret, url values

      Screenshot of the command line window.

    3. Enter the following values in Postman REST client in the Authorization tab

      Token NameMy credentials
      Grant TypeAuthorization Code
      Callback URLApprouter URL (see image)
      Auth URLAppend /oauth/authorize to url from previous step
      Access Token URLAppend /oauth/token to url from previous step
      Client IDclientid from previous step
      Client Secretclientsecret from previous step
      Client AuthenticationSend as Basic Auth header
      Screenshot of the SAP BTP Cockpit, retriving an application URL.

    4. Click on Get New Access Token to get the new access token. Click Proceed and use the new access token

      Screenshot of the HTTP client.
      Screenshot of the HTTP Client.

  5. Test the CRUD operation on the Service

    1. Switch to the PUT Business Partners request. Replace the URL with your Service URL

    2. Click Send to submit the PUT request

      Screenshot of the SAP BTP Cockpit, getting the application URL.
      Screenshot of the HTTP Client

    3. Verify that the PUT request returns a 200 OK response

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn