
Configuring OAuth Authentication

Configure your Kapsel application to register with an SAP Cloud Platform mobile service for development and operations application that is configured to enforce OAuth authorization. This layer lets users authenticate with an SAP Cloud Platform Authorization Endpoint to grant the application access to user accounts.

The logon process includes:
  • Authenticating with an SAP Cloud Platform Authorization Endpoint.
  • Requesting OAuth access and refresh tokens from SAP Cloud Platform mobile service for development and operations.
  • Obtaining a session cookie for upcoming service requests.

You can connect to an OAuth-protected server either through the SAP Discovery Service (Mobile Place) or by providing the configuration data directly (runtime configuration). A valid OAuth configuration received from the Discovery Service has the following data format:
{
  "auth": [
    {
      "type": "oauth2",
      "config": {
        "oauth2.authorizationEndpoint": "<SAP Cloud Platform Authorization Endpoint>",
        "oauth2.clientID": "<clientID>",
        "oauth2.tokenEndpoint": "<SAP Cloud Platform OAuth Token Endpoint>",
        "oauth2.endUserUI": "<SAP Cloud Platform OAuth User Endpoint>",
        "oauth2.grantType": "authorization_code"
      }
    }
  ],
  "host": "<host name of the mobile service for development and operations Java Endpoint>",
  "port": 443,
  "protocol": "https"
}

You can also configure a Kapsel application by adding the above JSON object to the registration context that you pass to the Logon plugin when registration is triggered.
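
The endpoints in this object decide where the authorization code and tokens are sent, so it is worth checking the object before it goes into the registration context. The following is an added example, not SAP's code: validateOAuthConfig, its rules (HTTPS-only endpoints, no credentials embedded in URLs, authorization_code as the only accepted grant type) and the example.com sample values are assumptions of this example.

```javascript
// Added example: checks a configuration object in the format shown above.
// validateOAuthConfig and its rules are assumptions of this example, not Kapsel API.
const URL_KEYS = ["oauth2.authorizationEndpoint", "oauth2.tokenEndpoint", "oauth2.endUserUI"];
const REQUIRED_KEYS = [...URL_KEYS, "oauth2.clientID", "oauth2.grantType"];

function validateOAuthConfig(cfg) {
  if (cfg === null || typeof cfg !== "object") return ["configuration is not an object"];
  const errors = [];
  if (cfg.protocol !== "https") errors.push("protocol must be https");
  if (typeof cfg.host !== "string" || cfg.host === "") errors.push("host is missing");
  if (!Number.isInteger(cfg.port) || cfg.port < 1 || cfg.port > 65535) errors.push("port is invalid");
  const auth = Array.isArray(cfg.auth) ? cfg.auth : [];
  const entry = auth.find((a) => a && a.type === "oauth2");
  if (!entry || typeof entry.config !== "object" || entry.config === null) {
    errors.push("no auth entry of type oauth2 with a config object");
    return errors;
  }
  for (const key of REQUIRED_KEYS) {
    const value = entry.config[key];
    if (typeof value !== "string" || value === "") {
      errors.push(key + " is missing");
      continue;
    }
    if (!URL_KEYS.includes(key)) continue;
    let url;
    try { url = new URL(value); } catch (e) { errors.push(key + " is not an absolute URL"); continue; }
    // Authorization codes and tokens travel over these endpoints: require TLS.
    if (url.protocol !== "https:") errors.push(key + " must use https");
    if (url.username || url.password) errors.push(key + " must not embed credentials");
  }
  const grant = entry.config["oauth2.grantType"];
  if (typeof grant === "string" && grant !== "" && grant !== "authorization_code") {
    errors.push("oauth2.grantType must be authorization_code");
  }
  return errors;
}

// Constructed sample values (example.com hosts are placeholders, not real endpoints).
const sampleConfig = {
  auth: [{ type: "oauth2", config: {
    "oauth2.authorizationEndpoint": "https://oauth.example.com/authorize",
    "oauth2.clientID": "constructed-client-id",
    "oauth2.tokenEndpoint": "https://oauth.example.com/token",
    "oauth2.endUserUI": "https://oauth.example.com/user",
    "oauth2.grantType": "authorization_code",
  } }],
  host: "mobile.example.com", port: 443, protocol: "https",
};
console.log(validateOAuthConfig(sampleConfig)); // []
```

An empty array means the object passed every check; any other result lists the reasons to reject it before registration is triggered.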

The refreshSession method triggers the simple refresh session flow, which sends the already stored access token to get a new session cookie. If the access token is invalid, the stored refresh token is used to obtain a new access token. If the refresh token is invalid, the web view is shown, and the OAuth2 authorization flow is performed.