Commit eeb66b4

get-Xsuaa-Token
- MR comments, reworked README.md
1 parent ac14899 commit eeb66b4

1 file changed

+12
-10
lines changed

README.md

Lines changed: 12 additions & 10 deletions
@@ -148,23 +148,25 @@ The [`TokenExchangeMode`](java-security/src/main/java/com/sap/cloud/security/tok
148148
when
149149
and how IAS tokens are exchanged:
150150

151-
| Mode | Behavior |
152-
|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
153-
| **`DISABLED`** | No exchange. Each token type is validated and used as-is. |
154-
| **`PROVIDE_XSUAA`** | IAS token is validated and exchanged for XSUAA, but the IAS token remains primary in the security context. The XSUAA token is accessible via [`SecurityContext.getXsuaaToken()`](java-api/src/main/java/com/sap/cloud/security/token/SecurityContext.java). |
155-
| **`FORCE_XSUAA`** | IAS token is exchanged for XSUAA and the XSUAA token replaces the IAS token in the security context. The application treats all requests as XSUAA-authenticated. |
151+
| Mode | Behavior |
152+
|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
153+
| **`DISABLED`** | No exchange. Each token type is validated and used as-is. |
154+
| **`PROVIDE_XSUAA`** | IAS token is validated and exchanged for XSUAA, but the IAS token remains primary in the security context. The XSUAA token is accessible via [`SecurityContext.getXsuaaToken()`](java-api/src/main/java/com/sap/cloud/security/token/SecurityContext.java). |
155+
| **`FORCE_XSUAA`** | IAS token is exchanged for XSUAA and the XSUAA token replaces the IAS token in the security context. The resulting security context looks as if an XSUAA token had been received directly. |
156+
157+
The Initial token is still available via the [`SecurityContext.getInitialToken()`](java-api/src/main/java/com/sap/cloud/security/token/SecurityContext.java) getter and the ID token is available with [`SecurityContext.getIdToken()`](java-api/src/main/java/com/sap/cloud/security/token/SecurityContext.java)
156158

157159
**Mode Selection Guide**:
158160

159-
- Use **`PROVIDE_XSUAA`** when gradually building IAS-based features while maintaining XSUAA authorization
160-
- Use **`FORCE_XSUAA`** for maximum backward compatibility—your app operates as if it were XSUAA-only
161-
- Use **`DISABLED`** after completing the migration to IAS
161+
- Use **`PROVIDE_XSUAA`** when the app is migrated to AMS authorization and wants to offer combined XSUAA and AMS authorizations for migrated tenants (requires additional configuration of the AMS client library)
162+
- Use **`FORCE_XSUAA`** for maximum backward compatibility—the app operates based on XSUAA tokens like before
163+
- Use **`DISABLED`** or remove the property completely after completing the migration to IAS
162164

163165
#### Prerequisites for Token Exchange
164166

165167
1. Both XSUAA and IAS service bindings must be configured
166-
2. IAS service binding must include `xsuaa-cross-consumption: true` parameter (Cloud Foundry)
167-
3. On Kubernetes/Kyma, ensure XSUAA trusts the IAS identity provider
168+
2. IAS service binding must include `xsuaa-cross-consumption: true` parameter
169+
3. Ensure XSUAA trusts the IAS identity provider
168170

169171
#### Token Exchange Flow Summary
170172

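Review bot: the sentence added at new line 157 ("The Initial token is still available via ...") sits below the table without saying which mode it describes, so a reader cannot tell whether `getInitialToken()` and `getIdToken()` are meant for `FORCE_XSUAA` only, where the XSUAA token replaces the IAS token, or for `PROVIDE_XSUAA` as well. Name the mode(s) in that sentence, say which token the application should base authorization decisions on in each mode, lowercase "Initial", and end the sentence with a period. In the Mode Selection Guide, "remove the property completely" implies that `DISABLED` is the default; state that explicitly and name the property. In the prerequisites, items 2 and 3 lose their "(Cloud Foundry)" and "On Kubernetes/Kyma" qualifiers; if both now apply on every platform, item 3 should point to where the XSUAA trust in the IAS identity provider is configured, since the README otherwise gives no way to verify it. The separator row at line 152 and the padding on the `DISABLED` row change only in width; keeping the original widths would limit the table diff to the `FORCE_XSUAA` row.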