Show TOC

Enabling OAuth 2.0 Authentication for OData ServicesLocate this document in the navigation structure


You can use OAuth authentication method for both newly created and existing OData services in SAP Gateway.

Before configuring OAuth 2.0, make sure that you have configured a trusted Identity Provider for use with OAuth 2.0. For more information, see Configuring a Trusted Identity Provider for OAuth 2.0.

Use the transaction, /IWFND/MAINT_SERVICE, in your SAP Gateway host (SAP NetWeaver 7.4). The Service Catalog view opens, showing the existing and new OData services that have been enabled for OAuth.

It also shows the actual OAuth status of each service, whether or not the scope for the service exists.

There is an HTTP-HANDLER for ICF which provides the TADIR object keys to the OAuth framework: /IWFND/CL_SODATA_HTTP_HNDL_OAT. This OAuth framework inherits from /IWFND/CL_SODATA_HTTP_HANDLER.

In case an OData service has to be enabled for OAuth, the HTTP-HANDLER that has been specified for the service in ICF is automatically replaced by a new one or a newly registered one.

In SAP NetWeaver releases below 7.40, apply the SAP note number 1797103 Information published on SAP site to manually create and delete OAuth scopes for OData services.

The note provides the following:


  • The report, /IWFND/R_OAUTH_SCOPES

After applying the above mentioned SAP note, do the following to enable a service for OAuth:

  1. Replace the currently specified HTTP-HANDLER for your service in ICF using the handler, /IWFND/CL_SODATA_HTTP_HNDL_OAT

  2. Execute the report /IWFND/R_OAUTH_SCOPES to create an OAuth scope for your service.