Show TOC

Configuring an OAuth 2.0 Client in the AS ABAPLocate this document in the navigation structure

The configuration of an OAuth 2.0 client in the AS ABAP ensures that users can access applications provided by a service provider -- for example, by SAP HANA Cloud Platform.

Context

Note

We recommend that you configure the OAuth 2.0 client of the AS ABAP and the service provider in parallel. In this way, you avoid mistakes by easily copying, for example, the redirection URI and by entering it in both configuration UIs. You can proceed in the same way with the service provider's password and client secret in the AS ABAP.

Procedure

  1. Open SAP GUI.
  2. Start transaction OA2C_CONFIG (OAuth 2.0 Clients) or enter the following URL in your browser:

    https://<host_name>:<https_port>/sap/bc/webdynpro/sap/oa2c_config?sap-language=EN&sap-client=<client>

    Example

    https://ldai1abc.example.com:44001/sap/bc/webdynpro/sap/oa2c_config?sap-client=001&sap-language=EN

  3. To create an OAuth 2.0 client, choose Create.
    A popup with the configuration UI appears.
  4. Choose the OAuth 2.0 client profile you created earlier. The OAuth 2.0 client profile already contains the service provider type.
  5. Enter the OAuth 2.0 client ID and choose OK. If you want to connect to an external service provider, you already received the OAuth 2.0 client ID during the registration of your OAuth 2.0 client at the service provider's web site.
    The OAuth 2.0 client profile and the client ID appear in the General Settings section of the new OAuth 2.0 client.
  6. Activate the grant types you want to use.
  7. Enter the redirection URI server in the field Redirection URI Server with host name and port. The configuration screen uses this entry to produce the redirection URI. You can also use the URL of an SAP Web Dispatcher.
  8. Go to Authorization Server Settings and enter the authorization server endpoint.
    Note

    You can display and easily copy the complete OAuth 2.0 endpoint URLs from the configuration UI of your service provider. Remove the https:// prefix and paste the remaining string into the Authorization Endpoint or Token Endpoint fields.

  9. Enter the token endpoint accordingly.
  10. Enter the client secret that you configured in the service provider and press ENTER. Obviously, both client secrets must be identical. You received a client secret after you registered your OAuth 2.0 client at the service provider's web site.
  11. To verify the OAuth 2.0 scopes, you switch to the Scopes tab. The Profile column already contains the OAuth 2.0 client profile you created earlier in the AS ABAP. The Scope column displays the associated OAuth 2.0 scopes. To add further scopes, integrate the respective OAuth 2.0 client profiles containing these scopes or assign the scopes to the particular OAuth 2.0 client profile.
  12. Save your changes.