SAP Knowledge Base Article - Preview

2876853 - User does not have scope "uaa.user" / JWT token does not include scope "uaa.user"


  • Calling the UAA token endpoint fails with:

    "error": "insufficient_scope",
    "error_description": "Insufficient scope for this resource",
    "scope": "uaa.user"

    From Java:
    TokenRequestDeniedException: Unable to get access token: user does not have scope "uaa.user". This is mandatory for the user token flow. Please make sure to that this scope is assigned to the user.

  • Calling an application fails with:
    500 - JWT token does not include scope "uaa.user"



  • SAP Cloud Platform, Cloud Foundry environment
  • SAP HANA Extended Application Services, Advanced model


SAP BTP, private cloud edition all versions ; SAP Cloud Platform, private edition all versions


oAuth2SAMLBearerAssertion odata s4hana s4 hana SDK xsuaa uaa.user oauth/token scp cf , KBA , BC-CP-CF-SEC-IAM , UAA, Authentication, Authorization, Trust Mgmnt , BC-XS-SEC , UAA and Security for HANA XSA engine , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.