Registering an OAuth 2.0 Client

Before you can authenticate and get an access token to access resources in the OAuth 2.0 server (AS ABAP) using a SAML 2.0 bearer or authorization code grant type, you must register an inbound OAuth 2.0 client at the AS ABAP.

To configure an inbound OAuth 2.0 client, take the following steps:

1. Log on to your SAP system.
2. To create a user, start transaction SU01.
3. Create a user for the respective OAuth 2.0 client. For reasons of clarity, indicate in the user name (which must be identical to the OAuth 2.0 client) which application uses it.
4. Go to the Logon Data tab.
5. Choose the user type System.
6. If applicable, make other entries and save this user.
7. To call the OAuth 2.0 administration screen, start transaction SOAUTH2. The OAuth 2.0 administration screen contains a section showing all inbound OAuth 2.0 clients and a details section.
8. A list of the existing clients is displayed in the Client ID column. To see the details of an OAuth 2.0 client, select the respective row.
9. To change the description of a client, choose the Edit button and enter a description in the General Settings subsection. It makes sense to indicate the web application for which the client stands, for example BUYERAPP.
10. Enter the token lifetime of the access token. The default is 3600 seconds
11. By default, the Client Authentication subsection defines the way the client authenticates at the token endpoint.
    Note We recommend that you use SSL client certificates.
12. In the subsection Resource Owner Authentication, you decide whether to use the grant type SAML 2.0 bearer, authorization code, or both. For more information, see Configuring a Grant Type Extension with an OAuth 2.0 SAML Bearer and Configuring a Grant Type Authorization Code with OAuth 2.0.