
OAuth Enablement for OData Service

poluvamsee
Explorer
0 Kudos
2,509

Hi

I have created an OData service in SEGW. Later I made it OAuth-enabled and created a scope for the same using SAP standard reports.

This OData service is to be accessed from an external system through an HTTP call and pass some data to update in SAP.

It works fine with basic authentication. But we want to use it with OAuth client credentials for security reasons.

Where do we need to configure the OAuth details in SAP (OA2C_CONFIG or SOAUTH2)?

What is the difference between these 2 transactions? Can you share the steps, if you have them, to configure the client credentials OAuth ID?

The client secret and client ID configured in SAP should be used by the external system to trigger the OData service without ID and password.

boerdi
Discoverer
0 Kudos

For your case you need to configure the OAuth details (Grant Type: Client Credentials Active + System User + Scope) in SOAUTH2 for incoming requests, where you cannot do anything wrong.

The client credentials are the username (Client ID) and password (Client Secret) of the system user you need to create in advance in SU01 and assign to your OData service in SOAUTH2. As far as I am concerned, the sole purpose of the assigned system user should be to be able to execute your service. The external system has to request an access token via the ".../sap/bc/sec/oauth2/token" URL of your SAP system using HTTP Basic Auth header fields and "grant_type: client_credentials" + "scope:<yourScope>" in the HTTP body. That's the way it worked for me at least.

For outgoing requests where you want to get access to an external service which is secured via OAuth you will need to configure the credentials in OA2C_CONFIG, which isn't necessary for your requirement.

For tests and troubleshooting I can recommend the report SEC_TRACE_ANALYZER (for the <SYSTEM> user in client 000).
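
The token request described in the answer above, sketched from the external system's side as an added example (not code from the original thread or from SAP). The host name, user, scope name and token response are constructed placeholders, and the response fields are assumed to follow the standard OAuth 2.0 token response (RFC 6749); the requests are built but not sent, so it runs offline.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/sap/bc/sec/oauth2/token"  # token endpoint path named in the answer

# Constructed sample response (assumed RFC 6749 shape, not captured from a system).
SAMPLE_TOKEN_RESPONSE = (b'{"access_token":"constructed-token-123",'
                         b'"token_type":"Bearer","expires_in":3600,'
                         b'"scope":"ZEXAMPLE_SRV_0001"}')


def build_token_request(base_url, client_id, client_secret, scope):
    """Build (not send) the client-credentials token request."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        # Basic auth puts the client secret on the wire; refuse plain HTTP.
        raise ValueError("token endpoint must be reached over https")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, requested_scope):
    """Return the access token, or raise if the response is not usable."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(f"{doc['error']}: {doc.get('error_description', '')}")
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    # If the server omits "scope", RFC 6749 says it equals the requested one.
    if requested_scope not in doc.get("scope", requested_scope).split():
        raise PermissionError("requested scope was not granted")
    return doc["access_token"]


def build_service_request(service_url, access_token, method="GET"):
    """Build the OData call carrying the token instead of user and password."""
    return urllib.request.Request(
        service_url, method=method,
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"})
```
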