improve message

Jonas-Isr · Jonas-Isr · commit 5e36884b74a6 · 2025-06-10T15:39:05.000+02:00
diff --git a/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java b/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java
@@ -43,6 +43,7 @@
 import io.vavr.CheckedFunction0;
 import io.vavr.control.Try;
 import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -51,6 +52,7 @@
  * This interface handles the communication with an OAuth2 service.
  */
 @RequiredArgsConstructor( access = AccessLevel.PACKAGE )
+@AllArgsConstructor( access = AccessLevel.PRIVATE )
 @Slf4j
 class OAuth2Service
 {
@@ -89,6 +91,8 @@ class OAuth2Service
     @Nonnull
     @Getter( AccessLevel.PACKAGE )
     private final ResilienceConfiguration resilienceConfiguration;
+    @Nullable
+    private ServiceIdentifier serviceIdentifier;
 
     // package-private for testing
     @Nonnull
@@ -196,16 +200,25 @@ private OAuth2TokenResponse executeClientCredentialsFlow( @Nullable final Tenant
 
     private TokenRequestFailedException buildException( @Nonnull final Throwable e, @Nullable final Tenant tenant )
     {
-        String msg = "Failed to resolve access token.";
+        String message = "Failed to resolve access token.";
         //        In case where tenant is not the provider tenant, and we get 401 error, add hint to error message.
         if( e instanceof OAuth2ServiceException
             && ((OAuth2ServiceException) e).getHttpStatusCode().equals(401)
             && tenant != null ) {
-            msg +=
-                " In case you are accessing a multi-tenant BTP service, ensure that the service instance is declared as dependency "
-                    + "to SaaS Provisioning Service or Subscription Manager (SMS) and subscribed for the current tenant.";
+            String extension;
+            if( serviceIdentifier != null ) {
+                extension =
+                    " In case you are accessing a multi-tenant BTP service on behalf of a subscriber tenant, ensure that the service instance (here, of the "
+                        + serviceIdentifier
+                        + " service) is declared as dependency to SaaS Provisioning Service or Subscription Manager (SMS) and subscribed for the current tenant.";
+            } else {
+                extension =
+                    " In case you are accessing a multi-tenant BTP service on behalf of a subscriber tenant, ensure that the service instance"
+                        + " is declared as dependency to SaaS Provisioning Service or Subscription Manager (SMS) and subscribed for the current tenant.";
+            }
+            message += extension;
         }
-        return new TokenRequestFailedException(msg, e);
+        return new TokenRequestFailedException(message, e);
     }
 
     private void setAppTidInCaseOfIAS( @Nullable final String tenantId )
@@ -335,6 +348,7 @@ static class Builder
         private TenantPropagationStrategy tenantPropagationStrategy = TenantPropagationStrategy.ZID_HEADER;
         private final Map<String, String> additionalParameters = new HashMap<>();
         private ResilienceConfiguration.TimeLimiterConfiguration timeLimiter = OAuth2Options.DEFAULT_TIMEOUT;
+        private ServiceIdentifier serviceIdentifier;
 
         @Nonnull
         Builder withTokenUri( @Nonnull final String tokenUri )
@@ -380,6 +394,7 @@ Builder withTenantPropagationStrategy( @Nonnull final TenantPropagationStrategy
         @Nonnull
         Builder withTenantPropagationStrategyFrom( @Nullable final ServiceIdentifier serviceIdentifier )
         {
+            this.serviceIdentifier = serviceIdentifier;
             final TenantPropagationStrategy tenantPropagationStrategy;
             if( ServiceIdentifier.IDENTITY_AUTHENTICATION.equals(serviceIdentifier) ) {
                 tenantPropagationStrategy = TenantPropagationStrategy.TENANT_SUBDOMAIN;
@@ -440,7 +455,8 @@ OAuth2Service build()
                 onBehalfOf,
                 tenantPropagationStrategy,
                 additionalParameters,
-                resilienceConfig);
+                resilienceConfig,
+                serviceIdentifier);
         }
     }
 
diff --git a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java
@@ -191,6 +191,7 @@ void testExtended401ErrorMessage()
             TenantAccessor.executeWithTenant(new DefaultTenant("subscriber", "subscriber"), () -> {
                 assertThatCode(destination::getHeaders)
                     .isInstanceOf(DestinationAccessException.class)
+                    .hasMessageContaining("identity service")
                     .hasMessageEndingWith("subscribed for the current tenant.")
                     .hasRootCauseInstanceOf(OAuth2ServiceException.class);
             });
