on 2018 Sep 11 6:08 AM
Hello,
I am using hybris 6.7, installed locally with OCC. I am trying to generate the access token that can be used to retrieve the cart information for a specific user via REST service calls.
I am using the URL and parameters below to generate the access token.
https://localhost:9002/oauth/token (there is no authorization server locally, so I am not using this URL: https://localhost:9002/authorizationserver/oauth/token)
See the screenshot for the parameters. May I know what values I need to use for client_id and client_secret?
I am getting the invalid login error. See the screenshot for the error in the response body.
Any help would be appreciated.
[1]: /storage/temp/11416-error.png
I figured out (1) and (2) and am trying (3). Thanks for all your responses, Markus. Really appreciated.
Thanks for your response, Markus. I am able to access it based on your suggestions.
Could you help me with the questions below?
(1) In real time we need to set up the OAuth client. Does that ID have access to all the OCC URLs, or do we have the option to restrict which URLs that client can access?
(2) Could you provide any documentation on the hybris self-signed certificate that I can follow to install it on my local machine? I want to test the URL without turning off SSL in Postman.
(3) The URL below gives the cart entries (cartid = 00004000) for the user abcd@abcd.com, and this user abcd@abcd.com was created in the storefront.
https://localhost:9002/rest/v2/electronics/users/abcd@abcd.com/carts/00004000
For example, if a third-party system needs to access the cart information for the user abcd@abcd.com, that system needs to pass the username and the access token. Am I correct?
We can generate the access token and share it with the other user, but what about the username?
How does the other system know the storefront username (abcd@abcd.com)?
Thanks for all your help; it is appreciated.
Question (1) I've already answered; check help.hybris.com, the Swagger API documentation for OCC (https://localhost:9002/rest/v2/swagger-ui.html) and the source code of the controllers for the full picture.
Question (2) is something you can surely figure out yourself; check the Postman docs.
Question (3) is related to question (1), but let me indulge you one last time: reading the cart information of any cart is possible without a token, but as soon as you want to update something, you need a token for a customer or a token for a trusted client.
Thanks for your reply, Markus.
oauth2 is under the platform/ext folder. If something is under platform/ext we don't need to add it to the localextensions.xml file, right?
When I try this URL I get the error below: https://localhost:9002/authorizationserver/oauth/token?grant_type=password&username=abcd&password=12...
Error: SSL Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
When testing locally we don't need to add any clients, right?
Thanks in advance.
While quite a few endpoints aren't secured, you need to have a client if you want to use all endpoints, especially everything around customer data and checkout. Depending on how you set up your local installation, there may be some default clients (e.g. for asm or smartedit), so you could re-use those.
And the error message is probably from your REST client, because it doesn't trust the hybris self-signed certificate. I recommend Postman; you can deactivate "SSL Certificate verification" in its settings to avoid this.
The OAuth token generation is implemented in the oauth2 extension; make sure to add it to your localextensions.xml if it is not loaded.
To generate a token, you need to use the endpoint of oauth2:
https://localhost:9002/authorizationserver/oauth/token
Also make sure to add an OAuth client as described here: https://help.hybris.com/1808/hcd/627c92db29ce4fce8b01ffbe478a8b3b.html#loio6faa241f2dac445093b0cd029...
Important: the resourceIds of your client must contain the value hybris, otherwise the client is not authorized for OCC.
And OCC itself recognizes two different authorities, ROLE_CLIENT and ROLE_TRUSTED_CLIENT.
ROLE_CLIENT is the default role; ROLE_TRUSTED_CLIENT is something like an admin user: a client with that role can access all customer resources without requiring a login by a customer.
Details can be found in OCC Calls Security.
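The two token requests described in the answer above (a password grant for a customer on a ROLE_CLIENT client, and a client_credentials grant for a ROLE_TRUSTED_CLIENT client), plus the cart call that either succeeds anonymously for reads or carries the Bearer token, as an added example. This is not code from the thread, from SAP or from the hybris product; the client IDs mobile_android and trusted_client, the secret "secret", the customer password and the CA-file handling are assumptions for illustration, and the ImpEx string follows the OAuthClientDetails column layout from the hybris documentation as I remember it, so check it against your release before importing.

```python
"""Added example (not from the thread): hybris OCC token requests and a cart call.

Assumptions, labelled as such: client ids/secrets and the customer password are
placeholders; port 9002, the 'electronics' site, the user abcd@abcd.com and cart
00004000 come from the thread; the ImpEx layout follows the documented
OAuthClientDetails format and should be checked against your release.
"""
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request
from typing import Optional

BASE_URL = "https://localhost:9002"
TOKEN_ENDPOINT = "/authorizationserver/oauth/token"  # served by the oauth2 extension, not /oauth/token

# ImpEx for the two clients the requests below assume (placeholder secrets; import via HAC).
# resourceIds must contain "hybris", otherwise OCC rejects the token.
OAUTH_CLIENTS_IMPEX = """\
INSERT_UPDATE OAuthClientDetails;clientId[unique=true];resourceIds;scope;authorizedGrantTypes;authorities;clientSecret;registeredRedirectUri
;mobile_android;hybris;basic;authorization_code,refresh_token,password,client_credentials;ROLE_CLIENT;secret;http://localhost:9001/authorizationserver/oauth2_callback;
;trusted_client;hybris;extended;client_credentials;ROLE_TRUSTED_CLIENT;secret;
"""


def token_request(grant: str, client_id: str, client_secret: str,
                  username: Optional[str] = None, password: Optional[str] = None) -> urllib.request.Request:
    """Build the POST to the oauth2 token endpoint.

    "password": token bound to one customer (client with ROLE_CLIENT + customer credentials).
    "client_credentials": token for the client itself; it can reach every customer's cart
    only if the client carries ROLE_TRUSTED_CLIENT.
    """
    form = {"grant_type": grant, "client_id": client_id, "client_secret": client_secret}
    if grant == "password":
        if username is None or password is None:
            raise ValueError("password grant needs the customer's username and password")
        form["username"] = username  # urlencode turns abcd@abcd.com into abcd%40abcd.com
        form["password"] = password
    elif grant != "client_credentials":
        raise ValueError(f"unsupported grant type: {grant}")
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(BASE_URL + TOKEN_ENDPOINT, data=body, method="POST",
                                  headers={"Content-Type": "application/x-www-form-urlencoded"})


def cart_request(site: str, user_id: str, cart_id: str,
                 access_token: Optional[str] = None) -> urllib.request.Request:
    """GET /rest/v2/{site}/users/{user}/carts/{cart}; the token is optional for reads,
    but PUT/POST/DELETE on the same path need a customer or trusted-client token."""
    user = urllib.parse.quote(user_id, safe="")  # the '@' in the email must be path-encoded
    cart = urllib.parse.quote(cart_id, safe="")
    headers = {"Accept": "application/json"}
    if access_token:
        headers["Authorization"] = f"Bearer {access_token}"
    return urllib.request.Request(f"{BASE_URL}/rest/v2/{site}/users/{user}/carts/{cart}", headers=headers)


def parse_token_response(raw: bytes) -> dict:
    """Extract the fields a caller needs from the oauth2 JSON reply; surface error replies."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise RuntimeError(f"token request failed: {data.get('error')}: {data.get('error_description')}")
    return {"access_token": data["access_token"], "token_type": data.get("token_type", "bearer"),
            "expires_in": data.get("expires_in"), "scope": data.get("scope")}


def ssl_context(ca_file: Optional[str]) -> ssl.SSLContext:
    """Prefer trusting the exported self-signed certificate (ca_file) over disabling
    verification; ca_file=None is the insecure local-testing equivalent of switching
    off 'SSL certificate verification' in Postman."""
    if ca_file:
        return ssl.create_default_context(cafile=ca_file)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # local testing only; never ship this
    return ctx


def main() -> None:
    ctx = ssl_context(None)  # replace with ssl_context("hybris-localhost.pem") once exported
    try:
        with urllib.request.urlopen(token_request("password", "mobile_android", "secret",
                                                  "abcd@abcd.com", "customer-password"), context=ctx) as resp:
            tok = parse_token_response(resp.read())
        with urllib.request.urlopen(cart_request("electronics", "abcd@abcd.com", "00004000",
                                                 tok["access_token"]), context=ctx) as resp:
            print(json.dumps(json.loads(resp.read()), indent=2))
    except (urllib.error.URLError, RuntimeError) as exc:
        print(f"request failed: {exc}")


if __name__ == "__main__":
    main()
```

For a third-party integration the trusted_client route avoids the username problem raised in the thread: with a client_credentials token on a ROLE_TRUSTED_CLIENT client, the calling system only needs the customer id in the URL path, not the customer's password. Treat that client's secret as you would an admin credential.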