OAuth configuration 2 – Create OAuth 2.0 client user

Published by Tobias Hofmann on

1 min read

SAP Help

With OAuth 2.0, the access to a resource / service is not done by a user directly, but by an OAuth client. The client logs on to Gateway and sends the user’s access token to the service. Therefore, first step is to create the OAuth 2.0 client in Gateway. This client is not an app, it is a user account of type system that the actual client app will use to log on to SAP Gateway.

Tx: SU01
  • Username: oidclient

Provide user information

  • Last name: client
  • First name: oid
  • User type: System
  • Initial Password: Client123456

Let the world know
Categories: BasisODataSAP

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.


MOR · August 28, 2023 at 12:38

Hello, please clarify, will the subsequent access to Odata and the selection of SAP data be performed under a business user or under the OIDCLIENT system account? After all, the user OIDCLIENT does not have permissions to access business data in SAP if some objects of permissions are entered in Odata.

    Tobias Hofmann · September 12, 2023 at 16:53

    The subsequent access will be done with your SAP user, not the OIDCLIENT. After all, later on in the process, the user needs to authenticate against an IdP and that information is used under the hood to know who you are in the SAP system.

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.