ABAP code calling REST service OAuth2.0 without OA2C

bhakti2
Active Participant

Hello. All the sample ABAP code snippets I found for calling an OAuth2 REST service were with OA2C.

I am on an older version; I don't have the method execute_cc_flow in class cl_oauth_client. My version is SRM 750 SP 20. I'm told that I can't use OA2C.

So I have written the code below to get the token, and I am getting the error HTTP 400 "Missing Grant_type".
I'm looking for how to pass the key and parameter, Grant_type = Client credentials, while calling the method. Could you please help me with this and tell me if you think I'm doing it right?

Thanks in advance.


    data: lo_http_client type ref to if_http_client,
          lo_rest_client type ref to cl_rest_http_client,
          lo_request     type ref to if_rest_entity,
          lo_response    type ref to if_rest_entity,
          lv_url         type        string,
          lv_body        type        string.
    lv_url = 'https://xxxxx.us20.hana.ondemand.com/oauth/token'.
    cl_http_client=>create_by_url(
      exporting
        url                = lv_url
      importing
        client             = lo_http_client
      exceptions
        argument_not_found = 1
        plugin_not_active  = 2
        internal_error     = 3
        others             = 4 ).
    lo_http_client->propertytype_logon_popup = lo_http_client->co_disabled.

    data l_username type string.
    data l_password type string.
    l_username = 'sb-mdm-mdmdev!t557'.
    l_password = 'RhefQVuQe3sDdc4zg1X1ATSQF5g='.
    call method lo_http_client->authenticate
      exporting
        username = l_username
        password = l_password.
* Create REST client instance
    create object lo_rest_client exporting io_http_client = lo_http_client.
* Create request instance
    lo_request = lo_rest_client->if_rest_client~create_request_entity( ).
    lo_http_client->request->set_header_field( name = 'grant_type' value = 'client_credentials' ).
    lo_request->set_content_type( exporting iv_media_type = if_rest_media_type=>gc_appl_www_form_url_encoded ).
* HTTP Post
    lo_rest_client->if_rest_resource~post( lo_request ).
* HTTP response
    lo_response = lo_rest_client->if_rest_client~get_response_entity( ).
    lo_response->set_content_type( exporting iv_media_type = if_rest_media_type=>gc_appl_json ).
* HTTP return status
    data(http_status)   = lo_response->get_header_field( '~status_code' ).
* HTTP JSON return string
    data(json_response) = lo_response->get_string_data( ).

Accepted Solutions (0)

Answers (3)


former_member771070
Discoverer

Hi,

Try the change below. Pass the grant type as part of the body.

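    DATA: lv_strdata TYPE string.

* grant_type goes into the form-encoded request body, not into a header
    lv_strdata = 'grant_type=client_credentials'.
    DATA(lv_strlen) = strlen( lv_strdata ).
* Interface components are addressed with ~ (if_http_entity~set_cdata)
    lo_http_client->request->if_http_entity~set_cdata(
      data   = lv_strdata   " Required
      length = lv_strlen    " Optional
      offset = 0 ).         " Optional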

Do try and share the feedback.

On another note - you rightly pointed out that grant type 'Client Credentials' via OA2C_CONFIG is not supported in earlier versions.

But using the client credentials directly in ABAP code does not encapsulate them from direct access and would also require code changes when the credentials expire or need to be refreshed.

If you have PI/PO as middleware, you may think about having the external API consumed via PI/PO and then let it expose a proxy to be consumed from the ABAP side.

I am not sure if we have a standard alternative to use the client credential grant flow until we have an SAP version where OA2C_CONFIG supports it.

# If the users consuming the API would be dialog users, you may alternatively choose the 'Authorization Code' option in OA2C_CONFIG + the option to generate a token and have it saved in the system via OA2C_GRANT.
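
Added example, not part of the original thread or any poster's code: the token request with `grant_type` sent in the form body as the answer above suggests, opened through an SM59 destination so the client id and secret sit in the destination's logon data rather than in source. The destination name `Z_OAUTH_TOKEN`, its path prefix `/oauth/token`, and the `ty_token` structure are assumptions.

```abap
* Added example. Assumption: Z_OAUTH_TOKEN is a hypothetical SM59 type G
* destination holding the token host, path prefix /oauth/token, and the
* client id/secret as basic-auth logon data (nothing secret in source).
CONSTANTS lc_dest TYPE rfcdest VALUE 'Z_OAUTH_TOKEN'.
TYPES: BEGIN OF ty_token,
         access_token TYPE string,
         token_type   TYPE string,
         expires_in   TYPE i,
       END OF ty_token.
DATA: lo_client TYPE REF TO if_http_client,
      ls_token  TYPE ty_token.

cl_http_client=>create_by_destination(
  EXPORTING  destination              = lc_dest
  IMPORTING  client                   = lo_client
  EXCEPTIONS destination_not_found    = 1
             destination_no_authority = 2
             OTHERS                   = 3 ).
IF sy-subrc <> 0.
  MESSAGE 'Token destination could not be opened' TYPE 'E'.
ENDIF.

lo_client->propertytype_logon_popup = if_http_client=>co_disabled.
lo_client->request->set_method( if_http_request=>co_request_method_post ).
lo_client->request->set_content_type( 'application/x-www-form-urlencoded' ).
* grant_type is a form parameter in the POST body, not an HTTP header
lo_client->request->set_cdata( 'grant_type=client_credentials' ).

lo_client->send( EXCEPTIONS OTHERS = 1 ).
IF sy-subrc = 0.
  lo_client->receive( EXCEPTIONS OTHERS = 1 ).
ENDIF.
IF sy-subrc <> 0.
  lo_client->close( ).
  MESSAGE 'Token request failed at HTTP level' TYPE 'E'.
ENDIF.

lo_client->response->get_status( IMPORTING code = DATA(lv_code) ).
DATA(lv_json) = lo_client->response->get_cdata( ).
lo_client->close( ).

* Only parse on success; the access token is a credential, keep it out of logs
IF lv_code = 200.
  /ui2/cl_json=>deserialize( EXPORTING json = lv_json CHANGING data = ls_token ).
ENDIF.
```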

former_member771070
Discoverer

Hi Bhakti,

You may try out the client credential options with POSTMAN once to confirm if it's working standalone as desired or if there is any issue with the custom code.

Regarding the OA2C_CONFIG/OA2C_GRANT, I had come across a very nice and detailed wiki page which has step by step details of using 'Authorization code' option and steps relevant to OA2C_GRANT.

https://wiki.scn.sap.com/wiki/display/Security/Access+Google+APIs+using+the+OAuth+2.0+Client+API

This would help you.

Note -

In order to be able to use OA2C_GRANT, you would need the below authorization granted from security perspective

  • Object - S_OA2C_USE
    • PROFILE = <OAuth2.0 Client profile you have created>
    • ACTVT = 16
bhakti2
Active Participant

Thank you. It's working in my system now, without OA2C, by creating an SM59 destination.

bhakti2
Active Participant

Namaste Dilipji, first of all, thank you very much for the response.

You are right; after solving the error about grant_type missing, I am now getting the error HTTP status code 500, 'Something went amiss'. I've put a screenshot here. It does not lead anywhere.

Thanks a lot for suggesting the PI/PO approach. It actually helps a lot to build the understanding that we might not have the option to use OAuth2.0 from this older version. Do you have any suggestion about how to confirm it with SAP? It would help to record a validated design decision.

I am still trying to understand the last point about dialog users. I've put the screenshot for OA2C_CONFIG. I have chosen the Authorization Code option. I don't know where to find the option to generate a token and save it via OA2C_GRANT. It would be a great help if you could elaborate more on this option.