Show TOC

Authorization Endpoint for OAuth 2.0Locate this document in the navigation structure


The authorization endpoint is a dedicated ICF node that handles requests from the Internet to the OAuth 2.0 scopes. A user (the resource owner) explicitly selects the OAuth 2.0 scopes to be accessed by a third party.


You use SSL for secure communication.


The following process illustrates which activities are triggered when an OAuth 2.0 client requests an authorization code:

  1. The web application hosting the OAuth 2.0 client redirects the resource owner's user agent to the authorization endpoint of the authorization server.

  2. The authorization server authenticates the resource owner using an authentication method supported by AS ABAP.

  3. The AS ABAP checks the authorizations of the client and resource owner for the requested OAuth 2.0 scopes. The authorization server preselects the scopes for which the resource owner is authorized and presents them to the resource owner.

  4. The resource owner can further restrict the selection or simply accept the proposal.

  5. The authorization endpoint receives the result of the resource owner's consent and issues an authorization code that represents the selected set of scopes for the requesting client and the granting resource owner.

  6. The issued authorization code is sent to the redirection URI at the web application hosting the OAuth 2.0 client by user agent redirection.


The authorization server uses the redirection URI that was defined during the client registration.


The OAuth 2.0 client receives a valid access token and stores the related data.

More Information

For more information, see Configuring OAuth 2.0.