SAP Cloud SDK - Accessing Auth Token Destination Error: Failed to read authentication token

Question

Currently using CAP and SAP Cloud SDK to retrieve a destination of OAuth2SAMLBearerAssertion type. We have done the relevant setup in BTP and S4HC found here: https://blogs.sap.com/2021/05/10/oauth2samlbearerassertion-flow-with-the-sap-btp-destination-service.-s-4hana-cloud./

We are currently using the following destination config: Destination Config

In our CAP application, we are trying to access the destination using:

DestinationAccessor.getDestination(Constants.DEFAULT_S4_HANA_CLOUD);

However when we get the following error:

Failed to read authentication token. The destination service responded with an error: Retrieval of OAuthToken failed due to: Cannot determine user to propagate for OAuth2SAMLBearerAssertion destination. Either provide user_token JWT token (https://docs.cloudfoundry.org/api/uaa/version/4.7.1/index.html#user-token-grant) when retrieving the destination or configure it with SystemUser.

How can this be possible if I am able to get the token via the following?

AuthToken currentToken = AuthTokenAccessor.getCurrentToken();
AuthToken xsuaaServiceToken = AuthTokenAccessor.getXsuaaServiceToken();

I have also tried to authenticate with the token passed ie

AuthTokenAccessor.executeWithAuthToken(currentToken,  () -> DestinationAccessor.getDestination(Constants.DEFAULT_S4_HANA_CLOUD));

Are we missing a crucial step in the process? Has anyone encountered this issue before?

How are we able to correctly pass the AuthToken to the destination?

Here is a snippet of my dependencies as requested: https://pastebin.com/iweEDfyN

Thanks in Advance!

Answer 1

UPDATE : I found out that the issue was that we did not have /IWFND/SG_MED_CATALOG_0002 in our destinations scope list - which had some roles in it.