OAuth configuration 6 – Configure OAuth 2.0 Client

Published by Tobias Hofmann on

2 min read

SAP Help: Setting Up an OAuth 2.0 Client

In this step an OAuth client is added. This is the client that logs on to NW ABAP on behalf of the end user. For this, the OAuth client is using an SAP user to log on. This user was created earlier in SU01 and has the S_SCOPE authorization assigned to access the OData service.

Create client

Tx: SOAUTH2

The list of configured clients is shown. In case nothing was configured yet, the list is empty. To add a client, click on Create.

A popup is shown. Insert the client data:

OAuth 2.0 Client ID: oidclient
Description: OAuth client
Token lifetime: 3600 seconds

To get the OAuth client, use the search field. OAuth 2.0 Client ID: select OIDCLIENT. In case you configured the user correctly, it will show up.

Client authentication

Specify the login options. The client may use its credentials or client X.509 certificate to log on.

Resource owner authentication

Specify the supported authentication flows for the OAuth client. The client may authenticate the end user via “SAML 2.0 Bearer” or “Authorization Code”. The demo scenario I use supports only for SAML 2.0 Bearer.

Select the trusted OAuth IdP. This is the IdP added in a previous step. The option “Requeires Attribute client_id” can be selected.

Select the option “Refresh Allowed”. With this, the server will provide the OAuth client a refresh token.

Scope Assignment

Add an OAuth scope. This is the scope assigned to the OData service. The scope was created earlier (step 1.1 or 1.2) and is valid for an OData service.

Click on the selected line (not on add). A list of available scopes is shown.

Select scope ZDEMO_CDS_SALESORDERITEM_CDS_0001

Summary

Finish

The OAuth client is configured.

To see the configuration, click on the button Configuration. This will open a JSON file in the browser.

{"client_id":"OIDCLIENT","auth_uri":"https://vhcalnplci:44300/sap/bc/sec/oauth2/authorize","token_uri":"https://vhcalnplci:44300/sap/bc/sec/oauth2/token","saml20_audience":"NPL001"}
Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.