How to deactivate or disable Client Id and Client Secret for basic authentication?

danfqa
Explorer

Hello experts, could you kindly lend me a hand with this inquiry? When a service key is generated in BTP (Cloud Foundry) for incoming client authentication, it produces an OAuth 2.0. The Client Id and Client Secret can be employed for basic authentication. Is there a method to disable this functionality, in essence, rendering both the Client Id and Client Secret unusable as Username and Password? I have some concerns, particularly in a production tenant. Thank you very much for your assistance, corrections, and any additional insights!

Daniel Quintero.

Sriprasadsbhat
Active Contributor

Hello Daniel,

As per my understanding, it's not possible to restrict ClientId/ClientSecret for basic authentication usage.

Regards,

Sriprasad S Bhat

danfqa
Explorer

Thank you very much for the prompt response, Sriprasad Shivaram Bhat! As I see it, SAP doesn't recommend this option for production scenarios. So, should a certificate be used instead? What I find intriguing is that the Client Id and Client Secret used for basic authentication are the same as those used to consume the token.

VijayKonam
Active Contributor

As far as I remember, when you create the key with both client_credentials and password type, it could be used as basic auth creds. If the key is created with only client_credentials usage, one cannot use it for basic authentication. Did that behavior change?

danfqa
Explorer

Hello Vijay Konam, I'm sharing these images with you... Thanks!