Overview of OAuth 2.0 Client Configuration

The configuration of an OAuth 2.0 client requires certain tasks for administrators, end users, and, depending on the scenario, also for developers. A default configuration is straightforward in contrast to a configuration for service providers that use different settings and check additional parameters and values whenever end users perform authentication.

If you want to connect to service providers that require additional parameters and values for the OAuth 2.0 client connection (for example, Google Cloud Platform, Microsoft Azure, or others), you must perform some additional steps. These steps include the implementation of ABAP BAdIs that supply these additional parameters and values to the service provider. Perform the additional steps only if they are necessary for the OAuth 2.0 client connection of your specific service provider. Additional steps are labeled If required. The following roles are involved:
  • Developer in the AS ABAP
  • Administrator of the service provider
  • Administrator of the AS ABAP
  • End user

The configuration has the following parts.

Note: Additional steps are labeled If required.
  1. (If required) Definition of a service provider type. To do this, create enhancement spots to pass special parameters and parameter values to the service provider (for example, the service provider type or syntactical elements), implement BAdI classes with method templates, and create filter combinations for the service provider type. This step is only necessary if your service provider checks additional parameters whenever an end user wants to access applications. For more information, see the examples below.
  2. Creation of OAuth 2.0 client profiles in the AS ABAP. The OAuth 2.0 client profile contains the OAuth 2.0 scope. The scopes are referenced by the service provider applications that end users are permitted to access from the AS ABAP using the OAuth 2.0 client. When the first authorization request comes in, the service provider checks these references.

  3. If you want to access external service providers, you must create an ABAP program with the relevant service provider as a target.
  4. Creation of a user account in the external service provider.
  5. Assignment of authorizations to end users to enable them to use the client profile and to create an OAuth 2.0 token.
  6. Configuration of the OAuth 2.0 client in the AS ABAP, which includes the identification and access data of the service provider.
  7. Configuration of SSL/TLS trust in the trust manager (transaction STRUST), if this hasn't been done already. The OAuth 2.0 client uses this trust relationship for communication between the service provider and the AS ABAP.
Example

You can find configuration examples on the SAP Community Network for Security and Identity Management (see the related link).