
How to force OAuth 2.0 on SAP SCPI I-Flow Endpoints (CF)

cupertino
Discoverer
0 Kudos
662

Hi Integration Experts,

By creating service keys from integration instances with grant type "client credentials" in the CF environment, you get OAuth credentials (i.e. client id and client secret together with a token URL). These credentials can be used to securely call your I-Flow with OAuth 2.0.

Yet there seems to be a "flaw" (or maybe it is a feature?) that you can also use client id and client secret as ordinary basic auth username / password to get access to the very same I-Flow.

Is there any way to force OAuth 2.0 or forbid basic auth out of the box by specific settings in the integration instance or I-Flow? Of course I could also check the "Authorization" header in Groovy, but this seems to be rather inconvenient. Any suggestions?

Regards,

Josef
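
The "Authorization" header check the question mentions could look like the following; this is an added example, not part of the original post and not SAP-provided code. It assumes that `Authorization` is listed under Allowed Header(s) in the flow's runtime configuration so the header reaches the script, and the property name `authRejected` is hypothetical.

```groovy
import com.sap.gateway.ip.core.customdev.util.Message

// Returns the lowercased scheme of an Authorization header value
// ("basic", "bearer", ...), or null when the header is missing or malformed.
String authScheme(Object headerValue) {
    if (headerValue == null) {
        return null
    }
    String value = headerValue.toString().trim()
    int space = value.indexOf(' ')
    // A valid value is "<scheme> <credentials>"; anything else is rejected.
    if (space <= 0 || space == value.length() - 1) {
        return null
    }
    return value.substring(0, space).toLowerCase()
}

Message processData(Message message) {
    // HTTP header names are case-insensitive, so do not rely on exact casing.
    def entry = message.getHeaders().find { name, value ->
        name.toString().equalsIgnoreCase('Authorization')
    }
    String scheme = authScheme(entry?.value)

    if (scheme == 'bearer') {
        message.setProperty('authRejected', 'false')
    } else {
        // Basic auth (or no recognisable scheme): answer 401 and mark the
        // message so a following Router step can end the flow here.
        // The header value itself is never logged or copied.
        message.setProperty('authRejected', 'true')
        message.setHeader('CamelHttpResponseCode', 401)
        message.setHeader('WWW-Authenticate', 'Bearer')
        message.setBody('OAuth 2.0 bearer token required')
    }
    return message
}
```

A Router step after the script would send messages with `authRejected` set to `true` straight to an end event. The script only runs after the platform has already accepted the caller's credentials, so it filters by scheme inside the flow rather than disabling basic auth on the endpoint.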

Accepted Solutions (0)

Answers (2)


VijayKonam
Active Contributor
0 Kudos

"Yet there seems to be a "flaw" (or maybe it is a feature?) that you can also use client id and client secret as ordinary basic auth username / password to get access to the very same I-Flow."

This is not true. If your key allows both client credentials and password as authentication mechanisms, it allows both. If your key is restricted to only client credentials (OAuth 2.0), you cannot authenticate using the client id and secret as basic auth credentials.

cupertino
Discoverer
0 Kudos

vijaykonam,

thanks for your reply. In my example the single option "client_credentials" has been set as grant-type in my integration instance. Yet calling the iflow using basic auth is still possible.

If you can confirm that this is no proper behavior in SCPI in a Cloud Foundry environment, we consider sending an incident to SAP support.

VijayKonam
Active Contributor
0 Kudos

I think you should.

0 Kudos

Hello cupertino and vijaykonam,
I have tested the option to only have CLIENT CREDENTIALS set (not Password) and I can still connect using Basic auth. Does anyone know how to block Basic auth?
Thanks

VijayKonam
Active Contributor
0 Kudos

Raise a ticket to SAP!

Neeraj_Jain
Active Contributor
0 Kudos

Hello cupertino,

I have found an SAP Note with an OAuth Authentication FAQ. Please refer to the SAP Note below. It might be helpful to you.

3146449 - OAuth Authentication: Frequently Asked Questions (FAQ) - SAP ONE Support Launchpad

Regards,

Neeraj Jain