Requesting an OAuth 2.0 Access Token

To authorize the AS ABAP to access the end user's resources, request an OAuth 2.0 access token for your service provider. Call the grant endpoint with the appropriate URL or use the transaction OA2C_GRANT.


First, end users send an initial OAuth 2.0 token request. On receiving the request, the AS ABAP authenticates the users and checks the client profile to determine the OAuth 2.0 client for which the access token should be issued. The AS ABAP then composes an authorization request URL and redirects the user's browser to the authorization endpoint of the authorization server. There, the end users authenticate with their service provider accounts and are prompted for consent to grant the requested scope to the AS ABAP. Once the end users consent and the OAuth 2.0 client's scope request is confirmed, their browser is redirected back to the AS ABAP. The AS ABAP then exchanges the received authorization code for an access token, which completes the authorization code flow.

Use one of the methods described in the related links.

  • After completion of the authorization code flow, the AS ABAP redirects the end users' browser to the grant application that was configured as target application in the Target Endpoint field.

  • The grant application displays the status "Access possible" and the expiration time.

  • The AS ABAP has an access token and a refresh token for the end users who authenticated at the service provider's authorization server. After a successful initial OAuth 2.0 token request, end users do not need to actively send token requests anymore. Instead, the AS ABAP uses a refresh token to get new access tokens when the current access token has expired.
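The client side of the flow described above, as an added example that is not SAP's code: a generic OAuth 2.0 client (RFC 6749 parameter names) that composes the authorization request URL, validates the redirect back, redeems the code, and refreshes silently once the access token expires. The endpoint URL, client ID, redirect URI and the injected `post_token_request` callable are assumptions made for illustration.

```python
import secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders, not values from any real system.
AUTHZ_ENDPOINT = "https://idp.example/oauth2/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://client.example/callback"

def build_authorization_url(scope):
    """Compose the authorization request URL the browser is redirected to."""
    state = secrets.token_urlsafe(16)  # binds the later callback to this request
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})
    return f"{AUTHZ_ENDPOINT}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Accept the redirect back only if no error was returned and state matches."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(params["error"][0])  # e.g. consent was denied
    got = params.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    return params["code"][0]

class TokenStore:
    """Redeem the authorization code once, then refresh on expiry without user action."""
    # Client authentication at the token endpoint is left to post_token_request.
    def __init__(self, post_token_request, clock=time.time):
        self._post, self._clock = post_token_request, clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _save(self, resp):
        self._access = resp["access_token"]
        self._refresh = resp.get("refresh_token", self._refresh)  # server may rotate it
        self._expires_at = self._clock() + resp["expires_in"]

    def redeem_code(self, code):
        self._save(self._post({"grant_type": "authorization_code", "code": code,
                               "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID}))

    def access_token(self, skew=30):
        if self._clock() >= self._expires_at - skew:  # expired or about to expire
            if self._refresh is None:
                raise RuntimeError("no refresh token: a new grant is required")
            self._save(self._post({"grant_type": "refresh_token",
                                   "refresh_token": self._refresh}))
        return self._access
```
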