
Using OAuth 2.0

The OAuth 2.0 server (AS ABAP) protects resources you want to use, and the OAuth 2.0 client enables you to access services and resources that are offered by a service provider.

Authentication with OAuth 2.0 protection between an SAP NetWeaver Application Server ABAP and an external service provider, such as SAP HANA Cloud Platform, Google Cloud Platform, or Microsoft Azure, requires a dedicated OAuth 2.0 client. You can configure and register this OAuth 2.0 client in the OAuth 2.0 server (AS ABAP).

The OAuth 2.0 client enables end users to easily access a service provider with the same credentials they are already using in the service provider. The communication between the OAuth 2.0 client and the server is secured by an HTTPS connection. The end users can then use services and resources offered by a service provider, for example, SAP HANA Cloud Platform or Microsoft Azure, to edit or process their data that is located as resources on the AS ABAP. During the authentication, the OAuth 2.0 client passes the OAuth 2.0 scopes to the service provider. The OAuth 2.0 scopes contain references to the allowed resources.

There are various OAuth 2.0 flows that enable authentication and authorization. Currently, SAP offers the following OAuth 2.0 flows:

  • Authorization code flow

  • SAML 2.0 bearer assertion flow

For more information, see the related link.