Hello experts!
We are using a Custom Schema from SAP Cloud Identity Service to indicate user data, such as the centers the user has access to, to restrict data access for a CAP application.
We are propagating this in the Cloud Identity Service application to be consumed both in a UI5 application, via a request to the sap-approuter-userapi service, and to restrict data access in CAP with the @restrict annotation.
In Cloud Identity Service, we parameterize users as follows:
The problem is that, instead of seeing an array of strings in the API, we are seeing a string with the array value inside.
In the request to the sap-approuter-userapi service, at the attributes endpoint, we get:
When we expected to get an array of strings as in the scopes or Groups properties.
At CAP filters level, we have:
And debugging the filters, the value that arrives in the read implementation would be the following:
This causes the restrict not to work as it filters by the string and not by the N values we parameterized in SAP Cloud Identity Service.
In the attribute type configuration in xs-security.json, we have defined it as “s” because we have not found in the documentation how to define it as an object or an array of strings.
We have found a workaround both in UI5 and in the CAP implementations of the “on” READ to transform that string into an array of strings and create the restrict filters object, but we believe the behavior should be that both the sap-approuter-userapi service API and the automatic implementation in CAP of the user parameters should return an array of strings.
Is this the standard behaviour of custom schema attributes marked as multivalue or are we missing some configuration?
Thank you in advance for your help,
Alejandro.