on 2022 Nov 11 11:41 AM
Hi Integration Experts,
by creating service keys from integration instances with grant type "client credentials" in CF environment, you get oauth credentials (i.e. client id and client secret together with a token url). These credentials can be used to securely call your I-Flow with OAuth 2.0.
Yet there seems to be a "flaw" (or maybe it is a feature?) that you can also use client id and client secret as ordinary basic auth username / password to get access to the very same I-Flow.
Is there any way to force OAuth 2.0 or forbid basic auth out of the box by specific settings in integration instance or I-Flow? Of course I could also check the "Authorization" header in groovy, but this seems to be rather inconvenient. Any suggestions?
Regards,
Josef
Request clarification before answering.
"Yet there seems to be a "flaw" (or maybe it is a feature?) that you can also use client id and client secret as ordinary basic auth username / password to get access to the very same I-Flow."
This is not true. If your key allows both client credentials and password as authentication mechanism it allows both. If you key is restricted to only client credentials (OAuth 2.0), you can not authenticate using the client id and secret as basic auth credentials.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
vijaykonam ,
thanks for your reply. In my example the single option "client_credentials" has been set as grant-type in my integration instance. Yet calling the iflow using basic auth is still possible.
If you can confirm that this is no proper behavior in SCPI in a Cloud Foundry environment, we consider sending an incident to SAP support.
Hello cupertino,
Have found a SAP Note on OAugh Authentication FAQ. Please refer below SAP Note. Might be it's helpful to you.
3146449 - OAuth Authentication: Frequently Asked Questions (FAQ) - SAP ONE Support Launchpad
Regards,
Neeraj Jain
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
74 | |
30 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.