in example/source/RequestOAuth2FromSAPUsingAAD.cs [13:179]
/// <summary>
/// Inbound policy for the SAP OData proxy: authenticates the caller with an Azure AD (Entra ID)
/// JWT, exchanges it for an SAP OAuth2 bearer token (cached per caller subject), optionally
/// fetches an SAP CSRF token for state-changing requests, and rewrites the outgoing request so
/// that only the SAP token - not the caller's AAD JWT and not the APIM subscription key -
/// reaches the backend.
/// </summary>
/// <param name="context">Inbound policy context the statements below are emitted into.</param>
public void Inbound(IInboundContext context)
{
context.Base();
// Gate everything below on a valid AAD JWT: signature keys from the tenant's OpenID metadata,
// audience = the APIM app registration, issuer = the tenant's v2.0 endpoint, and the
// space-separated "scp" claim must include user_impersonation. Failure returns 401 before
// any backend call is made.
// NOTE(review): no "sub" claim is required here, yet "sub" is the cache key below - a token
// without one would map to the bare key "SAPPrincipal" (see the cache-lookup lines).
// Consider adding "sub" to RequiredClaims if the JWT config supports a presence-only claim.
context.ValidateJwt(new ValidateJwtConfig
{
HeaderName = "Authorization",
FailedValidationHttpCode = 401,
RequireScheme = "Bearer",
OpenIdConfigs =
[
new OpenIdConfig
{
Url = "https://login.microsoftonline.com/{{AADTenantId}}/.well-known/openid-configuration"
}
],
Audiences = ["api://{{APIMAADRegisteredAppClientId}}"],
Issuers = ["https://login.microsoftonline.com/{{AADTenantId}}/v2.0"],
RequiredClaims =
[
new ClaimConfig { Name = "scp", Match = "all", Separator = " ", Values = ["user_impersonation"] }
]
});
context.SetHeader("Accept-Encoding", "gzip, deflate");
// Copy the {{named values}} into context variables for the helpers used below. Two of them
// (the AAD and SAP client secrets) are credentials: keep those named values marked as
// secret / Key Vault-backed, since variable values may surface in policy traces.
context.SetVariable("APIMAADRegisteredAppClientId", "{{APIMAADRegisteredAppClientId}}");
context.SetVariable("APIMAADRegisteredAppClientSecret", "{{APIMAADRegisteredAppClientSecret}}");
context.SetVariable("AADSAPResource", "{{AADSAPResource}}");
context.SetVariable("SAPOAuthClientID", "{{SAPOAuthClientID}}");
context.SetVariable("SAPOAuthClientSecret", "{{SAPOAuthClientSecret}}");
context.SetVariable("SAPOAuthScope", "{{SAPOAuthScope}}");
context.SetVariable("SAPOAuthRefreshExpiry", "{{SAPOAuthRefreshExpiry}}");
// Look up a previously issued SAP bearer / refresh token for this caller. The key is the
// "sub" of the (already validated) AAD JWT; if AsJwt() yields no subject, string
// concatenation with null degrades the key to just "SAPPrincipal"/"SAPPrincipalRefresh",
// i.e. one shared slot for every such caller. The built-in cache is presumably shared across
// the whole APIM instance, so these key prefixes must not be reused by other policies -
// confirm.
context.InlinePolicy("<cache-lookup-value key=\"@(\"SAPPrincipal\" + context.Request.Headers.GetValueOrDefault(\"Authorization\",\"\").AsJwt()?.Subject)\" variable-name=\"SAPBearerToken\" />");
context.InlinePolicy("<cache-lookup-value key=\"@(\"SAPPrincipalRefresh\" + context.Request.Headers.GetValueOrDefault(\"Authorization\",\"\").AsJwt()?.Subject)\" variable-name=\"SAPRefreshToken\" />");
// NOTE(review): this branch performs the full AAD -> SAP token acquisition, so the helper is
// presumably true when NO cached SAP token is available; its name suggests the opposite -
// verify against the helper before relying on the name.
if (ContainsSapTokens(context.ExpressionContext))
{
// Step 1: call the AAD v2.0 token endpoint (form-encoded body built by the helper). The
// response variable name suggests an on-behalf-of exchange for a SAML assertion - confirm.
// IgnoreError = false: a failed call raises instead of continuing with an empty response.
context.SendRequest(new SendRequestConfig
{
Mode = "new",
ResponseVariableName = "fetchSAMLAssertion",
Timeout = 10,
IgnoreError = false,
Url = "https://login.microsoftonline.com/{{AADTenantId}}/oauth2/v2.0/token",
Method = "POST",
Headers =
[
new HeaderConfig
{
Name = "Content-Type",
ExistsAction = "override",
Values = ["application/x-www-form-urlencoded"]
}
],
Body = new BodyConfig { Content = CreateAadTokenRequestBody(context.ExpressionContext) }
});
context.SetVariable("accessToken", GetTokenFromAadResponse(context.ExpressionContext));
// Step 2: exchange the AAD result at the SAP OAuth2 token endpoint. The Authorization
// header is built by CreateAuthorizationHeaderToSAP (presumably SAP OAuth client
// credentials - confirm). Response variable "ferchSapBearer" is misspelled but is
// presumably what GetSAPBearerResponseObject reads; rename both together or not at all.
context.SendRequest(new SendRequestConfig
{
Mode = "new",
ResponseVariableName = "ferchSapBearer",
Timeout = 10,
IgnoreError = false,
Url = "https://{{SAPOAuthServerAdressForTokenEndpoint}}/sap/bc/sec/oauth2/token",
Method = "POST",
Headers =
[
new HeaderConfig
{
Name = "Content-Type",
ExistsAction = "override",
Values = ["application/x-www-form-urlencoded"]
},
new HeaderConfig
{
Name = "Authorization",
ExistsAction = "override",
Values = [CreateAuthorizationHeaderToSAP(context.ExpressionContext)],
},
// Belt-and-braces: never send the APIM subscription key to SAP. Casing differs from the
// lowercase "override" used elsewhere - confirm the DSL/policy accepts "Delete".
new HeaderConfig { Name = "Ocp-Apim-Subscription-Key", ExistsAction = "Delete" }
],
Body = new BodyConfig { Content = CreateSapTokenRequestBody(context.ExpressionContext) }
});
context.SetVariable("SAPResponseObject", GetSAPBearerResponseObject(context.ExpressionContext));
context.SetVariable("SAPBearerTokenExpiry", GetSAPBearerTokenExpiry(context.ExpressionContext));
context.SetVariable("iSAPBearerTokenExpiry", GetIntSAPBearerTokenExpiry(context.ExpressionContext));
context.SetVariable("SAPBearerToken", GetSAPBearerToken(context.ExpressionContext));
context.SetVariable("SAPRefreshToken", GetSAPRefreshToken(context.ExpressionContext));
context.SetVariable("RandomBackOffDelay", GetRandomBackOffDelay(context.ExpressionContext));
// Cache both tokens under the caller's AAD subject. Duration = token lifetime minus a
// random delay (presumably jitter so many entries do not expire at once - confirm); if the
// delay could exceed the lifetime the duration goes non-positive - check the helper's range.
// The refresh token is a long-lived credential at rest in the cache for SAPOAuthRefreshExpiry
// seconds.
context.InlinePolicy(
"<cache-store-value key=\"@(\"SAPPrincipal\" + context.Request.Headers.GetValueOrDefault(\"Authorization\",\"\").AsJwt()?.Subject)\" value=\"@((string)context.Variables[\"SAPBearerToken\"])\" duration=\"@((int)context.Variables[\"iSAPBearerTokenExpiry\"] - (int)context.Variables[\"RandomBackOffDelay\"])\" />");
context.InlinePolicy(
"<cache-store-value key=\"@(\"SAPPrincipalRefresh\" + context.Request.Headers.GetValueOrDefault(\"Authorization\",\"\").AsJwt()?.Subject)\" value=\"@((string)context.Variables[\"SAPRefreshToken\"])\" duration=\"@(int.Parse((string)context.Variables[\"SAPOAuthRefreshExpiry\"]) - (int)context.Variables[\"RandomBackOffDelay\"])\" />");
}
// Bearer token gone from cache but a refresh token is still cached: refresh at SAP instead
// of going back to AAD. Mirrors the block above except for the request body builder.
else if (ContainsRefreshTokenOnly(context.ExpressionContext))
{
context.SendRequest(new SendRequestConfig
{
Mode = "new",
ResponseVariableName = "fetchrefreshedSAPBearer",
Timeout = 10,
IgnoreError = false,
Url = "https://{{SAPOAuthServerAdressForTokenEndpoint}}/sap/bc/sec/oauth2/token",
Method = "POST",
Headers =
[
new HeaderConfig
{
Name = "Content-Type",
ExistsAction = "override",
Values = ["application/x-www-form-urlencoded"]
},
new HeaderConfig
{
Name = "Authorization",
ExistsAction = "override",
Values = [CreateAuthorizationHeaderToSAP(context.ExpressionContext)],
}
],
Body = new BodyConfig { Content = CreateSapRefreshTokenRequestBody(context.ExpressionContext) }
});
context.SetVariable("SAPRefreshedResponseObject", GetSAPRefreshResponseObject(context.ExpressionContext));
context.SetVariable("SAPBearerTokenExpiry", GetSAPBearerTokenExpiry(context.ExpressionContext));
context.SetVariable("iSAPBearerTokenExpiry", GetIntSAPBearerTokenExpiry(context.ExpressionContext));
context.SetVariable("SAPBearerToken", GetSAPBearerToken(context.ExpressionContext));
context.SetVariable("SAPRefreshToken", GetSAPRefreshToken(context.ExpressionContext));
context.SetVariable("RandomBackOffDelay", GetRandomBackOffDelay(context.ExpressionContext));
context.InlinePolicy("<cache-store-value key=\"@(\"SAPPrincipal\" + context.Request.Headers.GetValueOrDefault(\"Authorization\",\"\").AsJwt()?.Subject)\" value=\"@((string)context.Variables[\"SAPBearerToken\"])\" duration=\"@((int)context.Variables[\"iSAPBearerTokenExpiry\"] - (int)context.Variables[\"RandomBackOffDelay\"])\" />");
context.InlinePolicy("<cache-store-value key=\"@(\"SAPPrincipalRefresh\" + context.Request.Headers.GetValueOrDefault(\"Authorization\",\"\").AsJwt()?.Subject)\" value=\"@((string)context.Variables[\"SAPRefreshToken\"])\" duration=\"@(int.Parse((string)context.Variables[\"SAPOAuthRefreshExpiry\"]) - (int)context.Variables[\"RandomBackOffDelay\"])\" />");
}
// (No else: a still-valid cached bearer token is used as-is.)
// State-changing requests need an SAP CSRF token: fetch it with a HEAD to the same URL,
// "X-CSRF-Token: Fetch", authenticated with the SAP bearer token just obtained/cached.
if (IsNotGetOrHeadRequest(context.ExpressionContext))
{
context.SendRequest(new SendRequestConfig
{
Mode = "new",
ResponseVariableName = "SAPCSRFToken",
Timeout = 10,
IgnoreError = false,
Url = GetRequestURL(context.ExpressionContext),
Method = "HEAD",
Headers =
[
new HeaderConfig { Name = "X-CSRF-Token", ExistsAction = "override", Values = ["Fetch"] },
new HeaderConfig
{
Name = "Authorization",
ExistsAction = "override",
Values = [GetSAPAuthorizationBearerToken(context.ExpressionContext)],
}
],
});
// On success the token and the XSRF cookie are stored for whatever attaches them to the
// forwarded request (outside this block). On failure this falls through silently and the
// request continues without a CSRF token - SAP will then presumably reject it; consider
// failing fast here instead.
if (IsCSRFRequestSuccessfull(context.ExpressionContext))
{
context.SetVariable("SAPCSRFToken", GetCSRFToken(context.ExpressionContext));
context.SetVariable("SAPXSRFCookie", GetXsrfCookie(context.ExpressionContext));
}
}
// Replace the caller's AAD JWT with the SAP bearer token so the AAD token is never forwarded,
// and strip the APIM subscription key so it does not leak to the backend.
context.SetHeader("Authorization", GetSAPAuthorizationBearerToken(context.ExpressionContext));
context.RemoveHeader("Ocp-Apim-Subscription-Key");
// NOTE(review): "$format" is an OData query option; sending it as a request header may be
// ignored by the backend - confirm whether a query-parameter policy was intended.
if (IsGetNotToMetadataRequest(context.ExpressionContext))
{
context.SetHeader("$format", "json");
}
}