OAuth Authentication

OAuthStep navigates the end user to the SAP Cloud Platform Log On page in order to execute an IDP based authentication and then execute an OAuth2 based authorization.

The result is persisted in both cases to the cookie store and to the OAuth store. For the reset scenario, the cookie store is deleted. (The iOS equivalent is OAuth2AuthenticationStep.swift.)

Input Parameters

Mandatory input parameters:

  • onboardingParameters – This setting is provided on the flowContext typically by the WelcomeScreenStep.

Using OAuthStep

  1. Initiate the step:

      OAuthStep oauthStep = new OAuthStep();
  2. Specify the execute method's FlowActionHandler parameter's "onFailure" and "onSuccess" behaviour:

      flowManagerService.execute(flow, flowContext,
                new FlowActionHandler() {
            public void onFailure(Throwable t) {
              //error handling
            public void onSuccess(FlowContext result) {
              //read the result

    Behaviour of OAuthStep

The step sends a message for the SAMLAuthLauncher endpoint of the server specified by the onboarding parameters.

If there is no valid session in the cookie store of the device, then the step displays the UI of the foundation layer, which consists of a WebView where the answer of the IDP is displayed.

The end user can enter a username and password required for server authentication. After successful authentication, the session cookies are stored in the cookie store and the authorization screen is displayed, where the end user can grant the rights required for the app.

After the successful authorization, the oauth token is stored in the cookie store and in the OAuth store object.

Relationship to Other Steps

  • OAuthStoreStep uses the output of this step in order to store the OAuth token in the application store.