OAuth configuration 1.1 - Generate OAuth scope for OData service using report

SAP Help: Enabling OAuth 2.0 Authentication for OData Services 🔗

For the OData service used, see my blog Create an OData service from CDS 🔗.

For each OData service you want to access through OAuth, a unique scope 🔗 is needed. The scope is based on the OData service. The scope is needed to know if the client can access the resource provided by the scope. The scope is assigned to a user through an authorization profile (security object S_SCOPE). Before you can assign the scope to a user, you must know the scope of the OData service.

To generate a scope, report /IWFND/R_OAUTH_SCOPES is used.

Tx: SE38
Report: /IWFND/R_OAUTH_SCOPES

The following parameters are needed to run the report:

Technical service name: ZDEMO_CDS_SALESORDERITEM_CDS
Service Doc. Identifier: technical name and suffix _0001 (version)

Service Doc. Identifier: ZDEMO_CDS_SALESORDERITEM_CDS_0001
Description of the scope: Lorem ipsum

Create OAuth scope for service

Run report.

Note

Creating a scope will only work when no scope for the service already exists. In case you activated OAuth for the service in /IWFND/MAINT_SERVICE, a scope was created automatically.