Reviews

Jonas-Isr · Jonas-Isr · commit ebbef88239e3 · 2025-06-06T13:36:51.000+02:00
diff --git a/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java b/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java
@@ -36,6 +36,7 @@
 import com.sap.cloud.security.config.ClientIdentity;
 import com.sap.cloud.security.token.Token;
 import com.sap.cloud.security.xsuaa.client.DefaultOAuth2TokenService;
+import com.sap.cloud.security.xsuaa.client.OAuth2ServiceException;
 import com.sap.cloud.security.xsuaa.client.OAuth2TokenResponse;
 import com.sap.cloud.security.xsuaa.client.OAuth2TokenService;
 
@@ -193,12 +194,16 @@ private OAuth2TokenResponse executeClientCredentialsFlow( @Nullable final Tenant
             .getOrElseThrow(e -> buildException(e, tenant));
     }
 
-    private TokenRequestFailedException buildException(@Nonnull final Throwable e, @Nullable final Tenant tenant )
+    private TokenRequestFailedException buildException( @Nonnull final Throwable e, @Nullable final Tenant tenant )
     {
         String msg = "Failed to resolve access token.";
-        //        In case where tenant is subscriber, and we get 401 error, add hint to error message.
-        if( e.getMessage().contains("Http status code 401") && tenant != null ) {
-            msg += " This might be due to missing or wrongly set up dependencies in your SaaS registry.";
+        //        In case where tenant is not the provider tenant, and we get 401 error, add hint to error message.
+        if( e instanceof OAuth2ServiceException
+            && ((OAuth2ServiceException) e).getHttpStatusCode().equals(401)
+            && tenant != null ) {
+            msg +=
+                " In case you are accessing a multi-tenant BTP service, ensure that the service instance is declared as dependency "
+                    + "to SaaS Provisioning Service or Subscription Manager (SMS) and subscribed for the current tenant.";
         }
         return new TokenRequestFailedException(msg, e);
     }
diff --git a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java
@@ -191,7 +191,7 @@ void testExtended401ErrorMessage()
             TenantAccessor.executeWithTenant(new DefaultTenant("subscriber", "subscriber"), () -> {
                 assertThatCode(destination::getHeaders)
                     .isInstanceOf(DestinationAccessException.class)
-                    .hasMessageEndingWith("wrongly set up dependencies in your SaaS registry.")
+                    .hasMessageEndingWith("subscribed for the current tenant.")
                     .hasRootCauseInstanceOf(OAuth2ServiceException.class);
             });
         }

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,7 @@ void testExtended401ErrorMessage()`
`191`	`191`	`TenantAccessor.executeWithTenant(new DefaultTenant("subscriber", "subscriber"), () -> {`
`192`	`192`	`assertThatCode(destination::getHeaders)`
`193`	`193`	`.isInstanceOf(DestinationAccessException.class)`
`194`		`- .hasMessageEndingWith("wrongly set up dependencies in your SaaS registry.")`
	`194`	`+ .hasMessageEndingWith("subscribed for the current tenant.")`
`195`	`195`	`.hasRootCauseInstanceOf(OAuth2ServiceException.class);`
`196`	`196`	`});`
`197`	`197`	`}`