OAuth configuration 1.1 – Generate OAuth scope for OData service using report

Published by Tobias Hofmann on

1 min read

SAP Help: Enabling OAuth 2.0 Authentication for OData Services

For the OData service used, see my blog Create an OData service from CDS.

For each OData service you want to access through OAuth, a unique scope is needed. The scope is based on the OData service. The scope is needed to know if the client can access the resource provided by the scope. The scope is assigned to a user through an authorization profile (security object S_SCOPE). Before you can assign the scope to a user, you must know the scope of the OData service.

To generate a scope, report /IWFND/R_OAUTH_SCOPES is used.

Tx: SE38
Report: /IWFND/R_OAUTH_SCOPES

The following parameters are needed to run the report:

  • Technical service name: ZDEMO_CDS_SALESORDERITEM_CDS
  • Service Doc. Identifier: technical name and suffix _0001 (version)
Service Doc. Identifier: ZDEMO_CDS_SALESORDERITEM_CDS_0001
Description of the scope: Lorem ipsum

Create OAuth scope for service

Run report.

Note

Creating a scope will only work when no scope for the service already exists. In case you activated OAuth for the service in /IWFND/MAINT_SERVICE, a scope was created automatically.

Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

1 Comment

Delete OAuth scope | It's full of stars! · June 30, 2020 at 19:00

[…] service with OAuth, a scope is needed. I blogged about how to create a scope (using the wizard or a report) already. While adding a scope to a service is very easy, deleting is a little bit more effort. For […]

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.