2876853 - User does not have scope "uaa.user" / JWT token does not include scope "uaa.user"

Symptom

Calling the UAA token endpoint fails with:

"error": "insufficient_scope",
"error_description": "Insufficient scope for this resource",
"scope": "uaa.user"
From Java:
TokenRequestDeniedException: Unable to get access token: user does not have scope "uaa.user". This is mandatory for the user token flow. Please make sure to that this scope is assigned to the user.
Calling an application fails with:
500 - JWT token does not include scope "uaa.user"

Environment

SAP Cloud Platform, Cloud Foundry environment
SAP HANA Extended Application Services, Advanced model

Product

SAP BTP, private cloud edition all versions ; SAP Cloud Platform, private edition all versions

Keywords

oAuth2SAMLBearerAssertion odata s4hana s4 hana SDK xsuaa uaa.user oauth/token scp cf , KBA , BC-CP-CF-SEC-IAM , UAA, Authentication, Authorization, Trust Mgmnt , BC-XS-SEC , UAA and Security for HANA XSA engine , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.