Access to the uaa/cf token

danfqa · ‎2023 Sep 27

Hello experts, it's me again with a question. I find it interesting and puzzling that I can log in to https://login.cf.us10-001.hana.ondemand.com and https://uaa.cf.us10-001.hana.ondemand.com through a web browser with my credentials (email and password). However, when I attempt to access https://login.cf.us10-001.hana.ondemand.com/oauth/token and https://uaa.cf.us10-001.hana.ondemand.com/oauth/token, I don't have authorization with the same credentials. On the other hand, when I use CF CLI, I can log in to https://api.cf.us10-001.hana.ondemand.com with these credentials and easily obtain the token using the cf oauth-token command. But the goal is to access the token through https://uaa.cf.us10-001.hana.ondemand.com/oauth/token to use it in a CPI IFlow.

Thank you for your support!

CarlosRoggan · ‎2023 Sep 27

Hi,

from my understanding the "Token Endpoint" is used by (OAuth-) clients that have been registered beforehand.
See spec at https://www.rfc-editor.org/rfc/rfc6749#section-3.2.1

To access CPI iFlow, you can use Basic Authentication with your real user, the CPI framework will do the OAuth flow "password" under the hood.
Alternatively, create your service instance of CPI and then a service key, to get the clientid/secret from it

Maybe you find these blog posts interesting:

https://blogs.sap.com/2023/07/20/cloud-integration-how-to-call-iflow-from-xsuaa-based-application-in...

https://blogs.sap.com/2023/05/26/cloud-integration-call-iflow-from-node-app-with-own-client-certific...

https://blogs.sap.com/2023/09/22/cloud-integration-call-iflow-basic-authentication-user-from-azure-a...

from the links section, this docu link you should read:

https://help.sap.com/docs/cloud-integration/sap-cloud-integration/creating-service-instance-and-serv...

Access to the uaa/cf token

Know the answer?

Need more details?