I have Mendix application with a bound Xsuaa connector. Somewhere on my cloud environment it should store the secretKey to verify my oAuth tokens. Where is this key located?
2
I know verifying the bearer tokens is done automatically outside the mendix context when a user tries to sign in with SSO. So normally you wouldnt need to know this key. But i'm also using this token in a published Odataservice in another mendix application. I need the key here to unsign the token, to check if im really allowed to get this data in this application. I can see in the java code StartXsuaaIntegration.java that it tries to get some settings from the current environment the app is running on. This settings object is later used to getSecretKey(). "final XsuaaBindingSettings settings = XsuaaBindingSettings.importSettingsFromEnvironment();” But how do i acces these settings from the sprintr environment? It does not look like developers/technicaladmins have rights to see this?