{"id":20484910,"url":"https://github.com/sap-samples/btp-user-management-microservice","last_synced_at":"2025-09-25T03:31:13.529Z","repository":{"id":59866194,"uuid":"536710580","full_name":"SAP-samples/btp-user-management-microservice","owner":"SAP-samples","description":"Sample CAP microservice to manage business applications' users and their respective authorizations. ","archived":false,"fork":false,"pushed_at":"2024-12-18T15:06:23.000Z","size":319,"stargazers_count":13,"open_issues_count":0,"forks_count":6,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-12-18T15:44:41.006Z","etag":null,"topics":["authentication","authorization","btp","cloud-application-programming-model","cloud-foundry","security","xsuaa"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SAP-samples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-14T18:27:21.000Z","updated_at":"2024-12-18T15:06:27.000Z","dependencies_parsed_at":"2024-11-15T16:41:52.373Z","dependency_job_id":null,"html_url":"https://github.com/SAP-samples/btp-user-management-microservice","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fbtp-user-management-microservice","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fbtp-user-management-microservice/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fbtp-user-management-microservice/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-samples%2Fbtp-user-management-microservice/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SAP-samples","download_url":"https://codeload.github.com/SAP-samples/btp-user-management-microservice/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234149499,"owners_count":18787156,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","btp","cloud-application-programming-model","cloud-foundry","security","xsuaa"],"created_at":"2024-11-15T16:26:31.867Z","updated_at":"2025-09-25T03:31:13.172Z","avatar_url":"https://github.com/SAP-samples.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SAP BTP User Management Microservice\n[![License: Apache2](https://img.shields.io/badge/License-Apache2-green.svg)](https://opensource.org/licenses/Apache-2.0)\n[![REUSE status](https://api.reuse.software/badge/github.com/SAP-samples/btp-user-management-microservice)](https://api.reuse.software/info/github.com/SAP-samples/btp-user-management-microservice)\n\n## Description\nThis sample code aims to help SAP developers (customers or partners) to develop **secure applications** on **SAP Business Technology Platform** using the **Authorization and Trust Management Service (XSUAA) APIs** from **Cloud Foundry**. The code is developed using the **SAP Cloud Application Programming Model (CAP) NodeJS framework** and implements a **microservice** to **manage business applications' users and their respective authorizations** with a simple **SAP Fiori Elements UI** for testing.\n\u003e **IMPORTANT NOTE**: please be aware that the code in this repository is targeted to experienced CAP developers and is provided as is, serving exclusively as a reference for further developments\n\n## Solution Architecture\n![BTP User Management Microservice Architecture](https://i.imgur.com/iaa5IXO.png \"BTP User Management Microservice\")\n\n## Requirements\n- SAP Business Technology Platform **subaccount** (productive or trial) with **Cloud Foundry** environment enabled\n- SAP Business Application Studio entitlement / subscription (**Full Stack Cloud Application Dev Space**)\n- SAP Workzone Standard (formerly SAP Launchpad Service) entitlement / subscription\n\n## Download and Installation\n\n### Clone the Project Repo\n1. Access your **SAP Business Application Studio** full-stack cloud development **Dev Space**\n2. Open a new terminal (if not yet opened): **Terminal** \u003e **New Terminal**\n3. From the default **projects** folder, create the project directory:\n\u003e **NOTE**: if you have not set the **projects** folder to become your **current workspace** in BAS your terminal might end-up in the **user** folder. So, do `cd projects` before executing the command below.   \n```\nmkdir user-mngr\n```\n4. Clone this repo into the recently created directory:\n```\ngit clone https://github.com/SAP-samples/btp-user-management-microservice.git user-mngr\n```\n\n### Create the Required Service Instances\n1. Login to **Cloud Foundry**:\n```\ncd user-mngr \u0026\u0026 cf login\n```\n2. Create the **Destination** service:\n```\ncf create-service destination lite dest-svc\n```\n3. Create the **XSUAA** service (**application plan**):\n```\ncf create-service xsuaa application xsuaa-svc -c xs-security.json\n```\n4. Create the **XSUAA** service (**apiaccess plan**):\n```\ncf create-service xsuaa apiaccess xsuaa-api\n```\n5. Create the **XSUAA** service (**apiaccess plan**) **service key**:\n```\ncf create-service-key xsuaa-api xsuaa-api-sk\n```\n\n### Bind Destination and XSUAA (application) Services to the CAP Project\n1. Temporarily rename the **.env** file to **default.env**:\n```\nmv .env default.env\n```\n2. On the **left-hand pane** of BAS click on the **Cloud Foundry** icon (small lightbulb)\n3. Expand the **Services** node\n4. Right-click the **dest-svc (destination)** item\n5. Select **Bind a service to a locally run application**\n6. From the **directories list** select the **user-mngr** directory and click **OK**\n7. Repeat steps 4 to 6 for the **xsuaa-svc (xsuaa)** item\n8. Go back to the **Explorer**, open the **recently created .env** file and adjust its contents to become a JSON object like demonstrated below:\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://i.imgur.com/VYqDurS.png\" alt=\"VCAP_SERVICES JSON object\"/\u003e\u003c/p\u003e\n\n9. Rename the **.env** file to **default-env.json**:\n```\nmv .env default-env.json\n```\n\u003e **HINT**: you can open the **recently renamed file** (default-env.json) and format the JSON content with **ALT+Shift+F** for better visualization.\n10. Rename the **default.env** file back to **.env**\n```\nmv default.env .env\n```\n\n### Install Project Dependencies\n1. Setup **npm registry**:\n```\nnpm config set registry https://registry.npmjs.org/\n```\n\u003e **NOTE**: this is important to avoid issues when running `npm clean-install` in the MTA build process.\n2. Install **service dependencies**:\n```\nnpm install\n```\n3. Install **UI dependencies**:\n```\ncd app/user-mngr \u0026\u0026 npm install \u0026\u0026 cd ../..\n```\n\n### Create the Destination to the XSUAA API\n1. Display the **XSUAA (apiaaccess plan) service key**:\n```\ncf service-key xsuaa-api xsuaa-api-sk\n```\n2. Take note (**copy**) the following **service key properties**:\n - apiurl\n - clientid\n - clientsecret\n - url\n3. Open the **BTP cockpit** and access **your subaccount** (same subaccount used to start the **BAS Dev Space**)\n4. On the **left-hand pane** expand the **Connectivity** node\n5. Click on **Destinations**\n6. Click on **New Destination**\n7. Fill-in the **required information** like demonstrated below:\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://i.imgur.com/YOMu9hd.png\" alt=\"XSUAA API destination\"/\u003e\u003c/p\u003e\n\n8. Click **Save**\n\n### Assign the Application's Role Collections to Your User\n1. Open the **BTP cockpit** and access **your subaccount** (same subaccount used to start the **BAS Dev Space**)\n2. On the **left-hand pane** expand the **Security** node and click on **Users**\n3. In the **users list** on the right, click on **your user**\n\u003e **HINT**: if the users list is to long and you find it difficult to locate your user, you can **use the search box** at the top.\n4. In the **user's details** at the right, click on **Assign Role Collection**\n5. Find the role collections starting with **GenericApp**\n6. Check both **role collections**\n7. Click on **Assign Role Collection**\n\n### Test Application Locally\n1. **Start** the application in BAS:\n```\ncds watch\n```\n2. **CTRL+Click** the **http://localhost:4004** link in the terminal to open the **service home page** in a new tab\n\u003e **NOTE**: you must **allow pop-ups** for your **BAS URL** in your browser in order to get the new tab to be properly opened.\n3. Click on the **User** link\n4. When prompted to **Sign in** type **john** as the **Username** and click **Sign in**\n5. You should see the **information from your user** in JSON format like demonstrated below:\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://i.imgur.com/DQUnWGg.png\" alt=\"User information\"/\u003e\u003c/p\u003e\n\n6. Click on the other two links (**IdP** and **Authorization**) to check whether they are working fine as well\n7. In the **Terminal** press **CTRL+C** to terminate the service\n\n### Deploy Application to Cloud Foundry\n1. From the **Explorer** open the **mta.yaml** file\n2. Search for the **[your BTP subdomain]** string and replace it with the **subdomain** of **your BTP subaccont**\n\u003e **HINT**: you can find the **subdomain name** in the **Overview** page of your subaccount in the **BTP cockpit**\n3. From the **Explorer** open the **app/user-mngr/webapp/manifest.json** file and do the same search \u0026 replace procedure as in the previous step\n4. In the **Explorer** right-click on the **mta.yaml** file and select **Build MTA Project**\n5. When the build process finishes, an **mta_archives** directory will appear in the **Explorer**\n6. Expand the **mta_archives** directory\n7. Right-click the  **user-mngr_1.0.0.mtar** and select **Deploy MTA Archive**\n\n### Test the Application in Cloud Foundry\n1. On the **left-hand pane** of your **BTP cockpit**, click on **HTML5 applications**\n\u003e **NOTE**: the applications will be listed only if you have at least **SAP Workzone Standard (formerly SAP Launchpad Service)** enabled in your subaccount (please, see the **Requirements** section).\n2. Click on the **usermngr** link\n3. The **Fiori Elements UI** of the service will open in a new tab\n4. You can use this UI to **fully test** the microservice: **create**, **update** and/or **delete** users of your application (users who have the **GenericApp role collections** assigned)\n\n\u003e **FINAL NOTE**: having the application deployed to the **HTML5 apps repository** you can optionally add it to a **SAP Workzone Standard site**.\n\n## Code Details\n\nYou can find a detailed explanaton about the code of this project in [**this blog post**](https://community.sap.com/t5/technology-blogs-by-sap/build-a-user-management-microservice-in-btp-with-cap/ba-p/13521329).\n\n## Known Issues\nNo known issues.\n\n## How to obtain support\n[Create an issue](https://github.com/SAP-samples/btp-user-management-microservice/issues) in this repository if you find a bug or have questions about the content.\n \nFor additional support, [ask a question in SAP Community](https://community.sap.com/t5/technology-q-a/qa-p/technology-questions).\n\n## Contributing\nIf you wish to contribute code, offer fixes or improvements, please send a pull request. Due to legal reasons, contributors will be asked to accept a DCO when they create the first pull request to this project. This happens in an automated fashion during the submission process. SAP uses [the standard DCO text of the Linux Foundation](https://developercertificate.org/).\n\n## License\nCopyright (c) 2022 SAP SE or an SAP affiliate company. All rights reserved. This project is licensed under the Apache Software License, version 2.0 except as noted otherwise in the [LICENSE](LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap-samples%2Fbtp-user-management-microservice","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsap-samples%2Fbtp-user-management-microservice","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap-samples%2Fbtp-user-management-microservice/lists"}