Securing React and SAP CAP Applications on SAP BTP: XSUAA, IAS, and Authorization Design
Overview
This live session focuses on securing React frontend applications and SAP CAP backends on SAP BTP. It explains SAP’s authentication and authorization model using XSUAA, including how applications authenticate using the default Identity Provider and how JWT-based security is enforced across the application router, frontend, and CAP services.
Participants will learn how to define and apply roles and role collections, protect CAP endpoints, and propagate user identity and authorizations end-to-end. The session also explores how the architecture and configuration change when SAP Identity Authentication Service (IAS) is used as the default identity provider instead of the platform default.
Through a live demonstration, the session shows how to secure routes in the application router, configure authentication strategies, assign role collections, and adapt CAP authorization checks. The outcome is a secured, running one-page React application with role-based access control.
Learning objectives
After participating in this live session, you will be able to:
- Understand authentication and authorization concepts on SAP BTP using XSUAA
- Configure application authentication with the default SAP BTP Identity Provider
- Secure CAP services and application routes using role-based authorization
- Define roles, scopes, and role collections for CAP applications
- Understand architectural and configuration differences when using IAS as the default Identity Provider
- Apply security configuration to React UI, Application Router, and CAP backend
- Deploy and validate a secured end-to-end application on SAP BTP
