cancel
Showing results for 
Search instead for 
Did you mean: 

Error while calling SAP CPI OData Iflow using OAuth Client Credential in Cloud Foundry

jacko123
Explorer
0 Kudos

I am getting a 403 Forbidden error when calling an iflow if an odata entry adapter.

I have followed this blog:
https://blogs.sap.com/2020/10/01/oauth-setup-for-cloud-integration-in-cloud-foundry-environment/

Getting the bearer token from the tokenurl is 200 ok.

Step 1:

But then when using this token in authorization type "bearer" I get 403 forbidden:

The access token was directly copied and pasted from step 1 "access token"

Step 2:

I have regenerated the bearer token a few times, and am sure I am inputting it correctly on the second step using diff checker.


What could I be missing?

Side note: ( I think this is unneccessary as its not covered in the blog, or mentioned in https://help.sap.com/docs/cloud-integration/sap-cloud-integration/oauth-2-0)
I notice in the return headers from the 403 call, it says "x-csrf-token" required...

When changing the call to "get" and adding a fetch for x-csrf-token token, then post and with x-csrf-token header and the fetched token, I get 401 unauthorized.

Bais
Participant
0 Kudos

Hi could you send us the http adapter properties of input channel?

Accepted Solutions (0)

Answers (1)

Answers (1)

hyperion
Advisor
Advisor
0 Kudos

Hello,

I think your "side note" is not so unnecessary, but probably the solution.
Yes, the header "required" is been sent, when a csrf-token is required by the server.
If you fetch it and send it, then you might get 401 if it is invalid,means outdated.
The reason behind: you don't have a session, so the server requires a new one on each request, so the token which you fetch and send, will be outdated again.
The solution is to send the session-cookie along with the POST request and the csrf-token

The faster solution might be to disable the "csrf" checkbox in the iFlow receiver adapter

Kind Regards,
Carlos