
Process Diagram of OAuth 2.0 Client Configuration

Since the configuration of an OAuth 2.0 client includes a number of roles and requires different tasks in multiple systems, you will find it useful to refer to the diagram that displays all possible configuration tasks in one image.

This diagram displays a road map of the tasks a person (developer, administrator, or end user) must perform either in the service provider or in the AS ABAP.

Before you start the configuration, decide whether you want to set up an OAuth 2.0 client for a service provider without additional parameters (default configuration) or for a service provider that checks additional parameters, for example, Google Cloud Platform or Microsoft Azure.

Tip

Go through the road map depending on the configuration you want to perform. Choose a colored box in the road map to get to the details of that specific task.

Note

The following image contains links to more information.
To ensure that the OAuth 2.0 client is able to identify the service provider, you must make sure that the service provider type is included in the list of OAuth 2.0 client service provider types.

Implement enhancement spots for your new service provider type.

To implement a BAdI for the new service provider type, implement a new class that inherits from the superclass CL_OA2C_SPECIFICS_ABSTRACT containing the default OAuth 2.0 service provider specific settings.

Using the filter for the BAdI implementation allows you to restrict, for example, the additional parameters and values to a special service provider type.

An OAuth 2.0 client profile in the AS ABAP lists the OAuth 2.0 scopes you want to access within the service provider.

Use the OAuth client API together with the HTTP/REST client API as shown in the image.

To access an external service provider's OAuth 2.0 protected web service from an AS ABAP, you need to provide credentials and an OAuth 2.0 client ID in the service provider.

Developers, administrators, and end users need OAuth 2.0-specific authorizations in the AS ABAP. In addition, OAuth 2.0 must be enabled in the AS ABAP and in the service provider.

The configuration of an OAuth 2.0 client in the AS ABAP ensures that users can access applications provided by a service provider, for example, by SAP HANA Cloud Platform.

To establish a trusted relationship using the OAuth 2.0 client, you must use an SSL/TLS communication channel between your service provider and the AS ABAP.

To authorize the AS ABAP to access the end user's resources, request an OAuth 2.0 access token for your service provider. Call the grant endpoint with the suitable URL or use the transaction OA2C_GRANT.

If your service provider requires additional parameters or settings that differ from the OAuth 2.0 standard, you must perform a few development activities to adjust the OAuth 2.0 client to the service provider's OAuth 2.0 implementation.