Request destination from other subaccount without BTP multi tenancy #2982

@brampurnot

Hi there!

We have a very specific architecture where we have our app deployed in multiple Kyma clusters in different regions. The idea is that customers will be redirected to the cluster with the best response time and only when all services are healthy.

For this particular use-case, we cannot use the standard BTP Multi tenancy concept with the SaaS registry. What we want to achieve now is that we deploy our app in multiple subaccounts within the same global account.

Tenants will still have their own subaccount in their region of choice. SAP IAS is used for the identity federation part. The challenge we have now is that we want to create the destinations in the subaccounts of the tenants. Therefore, we need to be able to access the subaccounts' destination service. We currently store the service binding details in the credstore upon onboarding of the tenant.

We are able to create and get the destinations by using the old SAP Cloud SDK Core fetchDestination function:
cloudSDK.fetchDestination(<<tenant destination URI>>, <<access_token>>)

However, we are not able to do the same with the new getDestination. We have tried with a custom serviceBindingTransformFn and also with the iss, but we keep getting the following error:
JKU of the JWT token (https://digicore.authentication.ap10.hana.ondemand.com/token_keys) does not match with the uaa domain (authentication.sap.hana.ondemand.com). Use legacy-token-key.

Is there any possibility to achieve this with the SAP Cloud SDK V2?

Thanks,
Bram
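
The error quoted above reports that the host in the token's `jku` header lies outside the `uaadomain` used to validate it. An added illustration of that kind of check, run on a constructed, unsigned token (not code from the original post, the SAP Cloud SDK or its dependencies; `checkJku`, `makeToken` and the second `uaadomain` value are assumptions):

```javascript
// Added illustration; checkJku and makeToken are hypothetical helpers.

function decodeHeader(jwt) {
  const [header] = jwt.split('.');
  return JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
}

// Compare the token's jku with the uaadomain of the binding used for validation.
// The jku must be checked BEFORE any key is fetched from it: a validator that
// downloads keys from an unchecked jku lets the token pick its own trust anchor.
function checkJku(jwt, uaaDomain) {
  const { jku } = decodeHeader(jwt);
  if (!jku) return { ok: false, reason: 'missing jku' };
  let url;
  try { url = new URL(jku); } catch { return { ok: false, reason: 'jku is not a URL' }; }
  if (url.protocol !== 'https:') return { ok: false, reason: 'jku is not https' };
  const host = url.hostname.toLowerCase();
  const domain = uaaDomain.toLowerCase();
  // Match on a DNS label boundary, so "other-authentication.x" never passes
  // for "authentication.x" through a plain suffix comparison.
  if (host !== domain && !host.endsWith('.' + domain)) {
    return { ok: false, reason: `jku host ${host} is outside uaa domain ${domain}` };
  }
  return { ok: true, reason: 'jku host is inside uaa domain' };
}

// Constructed sample token: header only matters here, signature is a dummy.
function makeToken(jku) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', jku })}.${enc({ sub: 'constructed' })}.sig`;
}

// jku and first uaadomain are taken from the error message in the post.
const tenantJwt = makeToken('https://digicore.authentication.ap10.hana.ondemand.com/token_keys');
const againstProvider = checkJku(tenantJwt, 'authentication.sap.hana.ondemand.com');
// Assumed uaadomain of a binding that lives in the tenant's own region.
const againstTenantRegion = checkJku(tenantJwt, 'authentication.ap10.hana.ondemand.com');
console.log(againstProvider, againstTenantRegion);
```

The first result fails and the second passes: the token is only accepted when it is validated against a binding whose `uaadomain` covers the issuing subaccount's host.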

Labels: feature request