fix: Reintroduce option to pass iss in getClientCredentials function (#5502)

Author: tomfrenken

.changeset/nice-comics-punch.md

@@ -0,0 +1,5 @@
+---
+'@sap-cloud-sdk/connectivity': patch
+---
+
+[Fixed Issue] Reintroduce option to pass `iss` property to `getClientCredentialsToken` function.

packages/connectivity/src/scp-cf/jwt/jwt.ts

@@ -62,10 +62,26 @@ export function getTenantId(
   return decodedJwt.zid || decodedJwt.app_tid || undefined;
 }
 
+/**
+ * Check if the given JWT is not an IAS token.
+ * Currently, there are only two domains for IAS tokens:
+ * `accounts.ondemand.com` and `accounts400.onemand.com`.
+ * @param decodedJwt - The decoded JWT to check.
+ * @returns Whether the given JWT is not an IAS token.
+ */
+function isNotIasToken(decodedJwt: JwtPayload): boolean {
+  return (
+    !decodedJwt.iss?.includes('accounts.ondemand.com') &&
+    !decodedJwt.iss?.includes('accounts400.ondemand.com')
+  );
+}
+
 /**
  * @internal
- * Retrieve the subdomain from the decoded XSUAA JWT. If the JWT is not in XSUAA format, returns `undefined`.
- * @param jwt - JWT to retrieve the subdomain from.
+ * Retrieve the subdomain from the decoded XSUAA JWT or ISS object.
+ * If it is an IAS JWT, or the passed object doesn't contain an ISS propety,
+ * returns `undefined`.
+ * @param jwt - JWT or ISS object to retrieve the subdomain from.
  * @returns The subdomain, if available.
  */
 export function getSubdomain(
@@ -74,7 +90,7 @@ export function getSubdomain(
   const decodedJwt = jwt ? decodeJwt(jwt) : {};
   return (
     decodedJwt?.ext_attr?.zdn ||
-    (isXsuaaToken(decodedJwt) ? getIssuerSubdomain(decodedJwt) : undefined)
+    (isNotIasToken(decodedJwt) ? getIssuerSubdomain(decodedJwt) : undefined)
   );
 }