OAuth 2.0 Flows Supported by SAP


Several OAuth 2.0 flows let an OAuth 2.0 client authenticate and obtain authorization at a back end whose resources you want to access. SAP currently offers the following OAuth 2.0 flows:


| Scenario | Authentication Method | Recommended Flow |
| --- | --- | --- |
| Server-to-server communication: A user authenticates at a web application. The web application needs to access resources from an OAuth 2.0-enabled back-end on behalf of the user. | SAML 2.0 on behalf of the user | SAML 2.0 Bearer Assertion Flow for OAuth 2.0 |
| Loosely integrated communication between web applications. No trust for Single Sign-On needs to be established between the web application and the AS ABAP system hosting the protected resources. The user gives consent to grant access to a certain set of resources. | All resource owner authentication methods supported by an AS ABAP, for example, user name and password. For more information, see Standard Logon Order. | Authorization Code Flow for OAuth 2.0 |