Registering an OAuth 2.0 Client for AS Java
To use OAuth authentication, you need to register an OAuth 2.0 client on the authorization server (SAP NetWeaver AS for Java).
Prerequisites
You have the SAP_OAUTH_ADMIN role assigned in the user management engine (UME).
Procedure
- Access the administration UI at http://<host>:<port>/oauth/admin.
- Open the CLIENTS view to manage or register your client.
- Go to the Data tab and choose the Register New Client button.
To edit an existing client, select the table row and choose the (edit) icon.
- Enter the following data for your client, where necessary:
  - Name (required)
    The default name of the client. If no translation for any language is provided, or no translation for the desired locale is found, the default client’s name will be used.
  - Description (optional)
    The default description of the client. If no translation for any language is provided, or no translation for the desired locale is found, the default client’s description will be used.
  - ID (required)
    The client’s ID is automatically generated upon client registration.
  - Authorization Grant (required)
  - Secret
    The client secret can only be entered for confidential clients. If a client is marked as confidential, the Secret field is required.
  - URL (optional)
    The client’s web site URL.
  - Redirect URI (required)
    The redirection endpoint to which the authorization server redirects the user agent after completing its interaction with the resource owner.
  - Token Lifetime (optional)
    The lifetime of the access tokens issued for this client. The default value is infinite lifetime.
  - Refresh Token Lifetime (optional)
    The lifetime of the refresh tokens issued for this client. The default value is infinite lifetime.
  - Authorization Code Lifetime (optional)
    The lifetime of the authorization codes issued for this client. The default value is 30 minutes.
- To add translations, choose the Translations button.
The translations are used for the client’s name and description to be displayed based on a preferred locale setting.
- Go to the Scopes tab and choose the New Scope button.
- Provide the following information in the table:
  - ID (required)
    The scope’s ID. This scope ID must match a scope in the UME for dynamic authorizations. Otherwise, the OAuth authorization mechanism will not work as expected.
  - Description (required)
    The default description of the scope. If no translation for any language is provided, or no translation for the desired locale is found, the default scope’s description will be used.
- To add translations, open the Translations view with the (coursebook) icon and choose the Add button.
The translations are used for the scope’s description to be displayed based on a preferred locale setting. There can be only one translation per language.
- Save your configuration.
- To view the URLs for the endpoints, choose ENDPOINTS.
The following information is displayed on this page:
  - Authorization endpoint URL
  - Token endpoint URL
  - URL for accessing the end user UI
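As an added example (not SAP code), the field rules in the procedure above can be checked before a client is entered in the administration UI. The dictionary keys, the `check_client` function and the sample values are hypothetical and only mirror the form labels; the absolute-URI, fragment and https checks follow RFC 6749 section 3.1.2 rather than this page, and assume a web client with a host in its redirect URI.

```python
from urllib.parse import urlsplit

# Hypothetical keys mirroring the form labels. ID is omitted because the
# server generates it on registration.
REQUIRED = ("name", "authorization_grant", "redirect_uri")
LIFETIMES = ("token_lifetime", "refresh_token_lifetime")


def check_client(client):
    """Return a list of (severity, message) findings for one client definition."""
    findings = []
    for field in REQUIRED:
        if not client.get(field):
            findings.append(("error", f"{field} is required"))
    # Secret is required for a confidential client and can only be
    # entered for one.
    confidential = client.get("confidential", False)
    if confidential and not client.get("secret"):
        findings.append(("error", "secret is required for a confidential client"))
    if not confidential and client.get("secret"):
        findings.append(("error", "secret can only be set for a confidential client"))
    # RFC 6749 section 3.1.2: the redirection endpoint is an absolute URI
    # without a fragment. Plain http exposes the authorization code in transit.
    uri = client.get("redirect_uri")
    if uri:
        parts = urlsplit(uri)
        if not parts.scheme or not parts.netloc:
            findings.append(("error", "redirect_uri must be an absolute URI"))
        else:
            if parts.fragment:
                findings.append(("error", "redirect_uri must not contain a fragment"))
            if parts.scheme != "https":
                findings.append(("warning", "redirect_uri does not use https"))
    # An empty lifetime field falls back to the documented default: infinite.
    for field in LIFETIMES:
        if client.get(field) is None:
            findings.append(("warning", f"{field} unset: tokens never expire"))
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE = {
    "name": "Reporting App",
    "authorization_grant": "authorization_code",
    "confidential": True,
    "secret": "",
    "redirect_uri": "http://reports.example.com/callback#done",
    "token_lifetime": 3600,
}

if __name__ == "__main__":
    for severity, message in check_client(SAMPLE):
        print(f"{severity}: {message}")
```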