on 2018 Oct 10 8:54 AM
Hi all,
I want to use the Job Scheduler service on Cloud Foundry. A user should be able to issue an OAuth 2.0 Authorization Code Grant after authenticating with an IdP (e.g. via SAML 2.0), so that in the future a repeating job will be able to access an on-premise destination on behalf of the user with principal propagation.
The job and the application should preferably be implemented as a node.js application.
Unfortunately I was not able to locate documentation detailing the necessary steps to use an OAuth 2.0 Authorization Code Grant for such a scenario.
How can an application retrieve, store and use the per-user access and refresh tokens, or is this handled automatically by some framework?
In the examples I see an application router component used with node.js applications on Cloud Foundry. However, this only deals with current requests of the currently logged-in user and not with future background access after the initial interaction with the user has ended.
Thanks for any help in this area!
Regards.
Wolfgang
Hi afeeroz7 ,
unfortunately I have so far had no time to try this, but according to the page I linked you should be able to obtain a refresh token, store this token and use it in the job to exchange it for an access token for the destination service. This is for on-premise destinations.
For cloud destinations you could look at https://blogs.sap.com/2019/05/27/sap-cloud-platform-backend-service-tutorial-21-api-called-from-inte... but you again need to store the refresh token obtained and use it later in the job to retrieve an access token.
Regards,
Wolfgang
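The store-then-exchange approach described in the reply above, as an added example that is not part of the original thread or of any SAP library: the refresh token is encrypted per user before it is stored, and the job later builds the standard refresh request (RFC 6749, section 6). All function names, the in-memory `Map` standing in for a persistent store, the client credentials and the token values are assumptions constructed for illustration.

```javascript
// Added example (hypothetical helper names, constructed sample values).
const crypto = require('node:crypto');

// Encrypt a refresh token with AES-256-GCM. The user ID is bound as AAD, so a
// blob stored for one user cannot be decrypted as another user's token.
function sealToken(key, userId, refreshToken) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8'));
  const ct = Buffer.concat([cipher.update(refreshToken, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a stored blob; throws if the blob was tampered with or belongs to another user.
function openToken(key, userId, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Headers and form body the job POSTs to the token endpoint (URL not shown here).
function buildRefreshRequest(clientId, clientSecret, refreshToken) {
  const basic = Buffer.from(`${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`).toString('base64');
  return {
    headers: { Authorization: `Basic ${basic}`, 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ grant_type: 'refresh_token', refresh_token: refreshToken }).toString(),
  };
}

// If the server rotated the refresh token, persist the new one before using the access token.
function applyTokenResponse(store, key, userId, response) {
  if (!response.access_token) throw new Error('token response has no access_token');
  if (response.refresh_token) store.set(userId, sealToken(key, userId, response.refresh_token));
  return response.access_token;
}

// Constructed run: store at consent time, then refresh inside the job.
function demo() {
  const key = crypto.randomBytes(32); // assumption: in production this comes from a secret store
  const store = new Map();
  store.set('user-a', sealToken(key, 'user-a', 'rt-constructed-1'));
  const req = buildRefreshRequest('job-client', 'constructed-secret', openToken(key, 'user-a', store.get('user-a')));
  const access = applyTokenResponse(store, key, 'user-a', { access_token: 'at-constructed', refresh_token: 'rt-constructed-2' });
  return { body: req.body, access, stored: openToken(key, 'user-a', store.get('user-a')) };
}
```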
Hi Wolfgang,
Did you find any solution to this problem? I am trying to schedule a REST endpoint as a job which will be called once a day. The REST endpoint, however, is protected with OAuth authorization. So, when the scheduler tries to hit the service, it can only reach the login page.
Thanks
Arshad
OK, it seems that for accessing an on-premise destination later on there is now the "Principal Propagation via User Exchange Token" cf. https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/39f538ad62e144c58c056ebc34b... available.
Hi Sharadha,
thanks for the link. I was aware of this section, but it does not help me with this problem. It just ensures that the job is run on behalf of the requesting application, but inside the job I want to access an on-premise destination with the credentials of a user obtained by an OAuth 2.0 Authorization Code Grant.
Regards,
Wolfgang
Hi,
Did you check the FAQ section of the service - https://help.sap.com/viewer/07b57c2f4b944bcd8470d024723a1631/Cloud/en-US/d72c276ec60c4bbe89c0b9328a9... under 'OAuth 2.0 Authentication Mechanism'? It might be of some help.
-Sharadha