I am currently working on implementing Single Sign-On (SSO) for my SAPUI5 application within the MCF (Multichannel Foundation) framework. I have configured OAuth 2.0 in the system using transaction OA2C_CONFIG, and I am utilizing the Authorization Code flow for authentication.

The flow works as expected when tested using Postman—I am able to successfully obtain an access token.

However, when I implement the same flow in my SAPUI5 application and attempt to access it using the OAuth 2.0 Authorization Code obtained from the parent (mother) application, I am redirected to the SAP login page and prompted to enter credentials specific to my SAPUI5 application. This occurs even though the user is already authenticated in the parent system, albeit with a different username and password.

To address this, I developed an OData service that verifies whether the user exists and is active in SAP NetWeaver, using the user's ID. This ID is obtained by calling an API from the parent application, which provides information about the currently authenticated user.

My question is: How can I bypass the SAP login page in this scenario and enable my SAPUI5 application to automatically authenticate the user using the Authorization Code flow and session from the parent application?