Interface DestinationAccessorOptions

Option to enable/disable the IAS token to XSUAA token exchange.

This property is only considered in case no jwt is provided. It is meant for situations where you do not have a token e.g. background processes. The value for iss is the issuer field of a JWT e.g. https://.localhost:8080/uaa/oauth/token.

ATTENTION: If this property is used, no validation of the provided subdomain value is done. This differs from how the jwt is handled. Never pass a user-supplied or request-derived value directly to this field without verification. An unvalidated iss value controls which BTP tenant's destinations (including embedded credentials and OAuth tokens) are returned, enabling cross-tenant data access if an attacker can influence this value. So be careful that the used value is not manipulated and breaks the tenant isolation of your application.

The user token of the current request.

ATTENTION: The property is mandatory in the following cases:

• User-dependent authentication flow is used, e.g., OAuth2UserTokenExchange, OAuth2JWTBearer, OAuth2SAMLBearerAssertion, SAMLAssertion or PrincipalPropagation.
• Multi-tenant scenarios with destinations maintained in the subscriber account. This case is implied if the selectionStrategy is set to alwaysSubscriber.
• IAS business user authentication (OAuth2JWTBearer). In this case, the JWT is used as the assertion for the IAS token exchange. The authentication type is set via the iasOptions parameter when used with getDestinationFromServiceBinding.

The token is used to request an access token from an OAuth server. The value is mandatory for authentication type OAuth2RefreshToken and is ignored for other authentication types. The value must be provided in a refresh token format.

Method that implements the selection strategy of the retrieved destination. Uses subscriberFirst per default. Use the selector helper DestinationSelectionStrategies to select the appropriate selection strategy.