OAuth 2.0 Introduction and Concept

Concept

OAuth 2.0 is an open authorization framework based on an IETF specification. It was originally developed for social networks, but it evolved to become an authorization concept for the cloud and business-to-business integration. In the cloud, people use services from different service providers. As software vendors are moving their products to the cloud with offerings such as SAP Business ByDesign or cloud office services, more and more business users need to access resources offered by service providers. To make access to the desired resources easier, SAP supports the open authorization framework OAuth 2.0.

With OAuth 2.0, users (the resource owners) allow Web-based client applications to access their resources. The application authorized by the resource owner then accesses the resources on the user's behalf. Users who do not want to reveal their user names and passwords to the service provider hosting the resources can therefore delegate access by means of an OAuth 2.0 access token instead.

The OAuth 2.0 authorization protocol enables a third-party application to obtain limited access to a resource, with the limits expressed as OAuth 2.0 scopes. It does so either on behalf of a resource owner, by orchestrating an approval interaction between the resource owner and the resource, or by allowing the third-party application to obtain access on its own behalf.

The interface to the OAuth 2.0 client is a REST API.
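The following is an added illustration of the concept described above, not code from SAP or from the IETF specification: a toy authorization server issues opaque, scoped, expiring access tokens, and a resource server accepts them as bearer tokens and enforces the scope. Both ways of obtaining access are shown: on behalf of a resource owner (who approves only a subset of the requested scopes, and whose password never reaches the client) and on the client's own behalf using its client credentials. All class and function names, the client `expense-app`, the user `alice` and the scope names are assumptions made for the example.

```python
"""Toy model of OAuth 2.0 delegated access (added example, not SAP code):
an authorization server that issues scoped, expiring access tokens, and a
resource server that enforces them. Names and behaviour are assumptions."""
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessToken:
    value: str          # opaque bearer string handed to the client
    client_id: str      # the application holding the token
    subject: str        # on whose behalf it acts: a resource owner, or the client itself
    scopes: frozenset   # what the token permits (OAuth 2.0 scopes)
    expires_at: float   # unix time after which the token is rejected


class AuthorizationServer:
    """Issues tokens. The resource owner's password never leaves this server."""

    def __init__(self, now=time.time):
        self._now = now
        self._clients = {}   # client_id -> (client_secret, scopes the client may ever get)
        self._tokens = {}    # token value -> AccessToken

    def register_client(self, client_id, client_secret, allowed_scopes):
        # A real server stores a hash of the secret; kept plain here for brevity.
        self._clients[client_id] = (client_secret, frozenset(allowed_scopes))

    def _issue(self, client_id, subject, scopes, ttl=3600):
        token = AccessToken(secrets.token_urlsafe(32), client_id, subject,
                            frozenset(scopes), self._now() + ttl)
        self._tokens[token.value] = token
        return token

    def authorize_on_behalf(self, client_id, resource_owner, requested, approved):
        """Delegated access: the resource owner approves (a subset of) the scopes
        the client asked for; the token carries only the approved set."""
        _, allowed = self._clients[client_id]
        granted = frozenset(requested) & frozenset(approved) & allowed
        if not granted:
            raise PermissionError("access_denied")
        return self._issue(client_id, resource_owner, granted)

    def client_credentials(self, client_id, client_secret, requested):
        """Access on the client's own behalf: no resource owner is involved,
        so the client must authenticate itself."""
        secret, allowed = self._clients.get(client_id, (None, frozenset()))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")
        granted = frozenset(requested) & allowed
        if not granted:
            raise PermissionError("invalid_scope")
        return self._issue(client_id, subject=client_id, scopes=granted)

    def introspect(self, value):
        """Return the token if it is known and unexpired, else None."""
        token = self._tokens.get(value)
        if token is None or token.expires_at <= self._now():
            return None
        return token


class ResourceServer:
    """Protects resources; accepts bearer tokens and checks the scope."""

    def __init__(self, auth_server):
        self._auth = auth_server

    def request(self, bearer, required_scope):
        token = self._auth.introspect(bearer)
        if token is None:
            return 401, "invalid_token"        # missing, unknown or expired
        if required_scope not in token.scopes:
            return 403, "insufficient_scope"   # valid token, wrong scope
        return 200, f"{required_scope} for {token.subject}"


def demo():
    """Walk through both ways a client can obtain access; returns the
    HTTP-style outcomes so they can be checked."""
    clock = [1_000_000.0]                       # controllable clock for expiry
    auth = AuthorizationServer(now=lambda: clock[0])
    auth.register_client("expense-app", "s3cret", {"orders.read", "orders.write"})
    rs = ResourceServer(auth)

    # 1. On behalf of a resource owner: alice approves read only, although the
    #    app asked for read and write. No password of alice reaches expense-app.
    delegated = auth.authorize_on_behalf("expense-app", "alice",
                                         requested={"orders.read", "orders.write"},
                                         approved={"orders.read"})
    # 2. On the client's own behalf (client credentials).
    own = auth.client_credentials("expense-app", "s3cret", {"orders.write"})

    results = {
        "delegated_read": rs.request(delegated.value, "orders.read"),
        "delegated_write": rs.request(delegated.value, "orders.write"),
        "own_write": rs.request(own.value, "orders.write"),
        "garbage": rs.request("not-a-token", "orders.read"),
    }
    clock[0] += 3601                            # let the tokens expire
    results["expired"] = rs.request(delegated.value, "orders.read")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The point to take from the example is that the resource server never sees a user credential, only a token whose scope set was fixed at the approval step; a token obtained for reading cannot be used for writing, and an expired or unknown token is rejected before any scope check happens.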

More Information

For more information, see the Web site of the Internet Engineering Task Force (IETF). See also Business Example for Accessing Resources with OAuth 2.0 and OAuth 2.0 Scopes.