Hello Experts,
Here is the scenario wherein I may please require your valuable inputs/ suggestions:
" From WS client the new access token and refresh token is sent, SAP PO polls every 20 mins using Sender REST Polling (token expires every 30 mins) an and the received tokens needs to be stored
Polling output look alike:
{
"access_token": "w05ssdc5-f441-492b-978f-82db88a21ccb2",
"refresh_token": "115s3dc5-f441-492b-978f-82db88a21ccb2",
"scope": "givenName mail nonce openid profile sn uid",
"token_type": "Bearer",
"expires_in": 1799
}
Now vitally I wanted to store the tokens in SAP PO and then retrieve it to call for actual business Interfaces.
This will help me to avoid doing multiple API authentication calls(there is a API Limit as well) to do the actual business interfaces run and Instead simply retrieve the tokens from lookup table or some property or brm or any.
Achieved through value mapping and NWA application property but seems to have limitations in terms of security and delta cache issues. There is no ECC or any database systems to even do a look ups.
Looking forward for a Better solution. Many Thanks!
Regards,
Rajesh PS
6 Answers
-
Best AnswerPosted on Mar 04, 2020 at 03:39 PM
Worked out successfully saving tokens in file server, value mapping, Message ID mapper custom module solution.
Finally ended up with an OAuth standard solution which works as expected and good indeed . This is implemented in SAP PO 7.4 SPS16 Patch 15.
Add a comment
-
Posted on Oct 11, 2019 at 01:10 PM
Hello Rajesh,
While i understand the concern that you really want to limit the number of API calls and which sounds reasonable as well, AFAIK oauth token calls are not metered by any API provider but yes they are a overhead if you can get away with a refresh token.
SAP PO doesn’t have any storage mechanisms . It’s a shame but thats how it has always been.
Your options here are limited while i have never explored use of refresh token specifically in PO rest adapter this would have been a cakewalk in SAP CPI.
There are java based tables which you can create and modify in sap po but i doubt system admin will allow you access to modify java stack database. It’s highly critical.
In the end if it is really not a deal breaker i would suggest that you get a fresh token every time or let the channel manage it.
Again, I am not an expert here that’s why didnt pitch in earlier but there would be some better answers than mine that would be able to help you.
Try tagging michael or eng swee.
Regards
Vinay
Regards
Vinay Mittal
Add a comment
-
Posted on Oct 11, 2019 at 02:06 PM
Hi!
It doesn't seem to be the best way, but you could save your token to PI server file system in the form of text/xml file and read it using UDF in your message mapping.
Regards, Evgeniy.
Add a comment
-
Posted on Oct 15, 2019 at 08:28 AM
Hi Rajesh,
try using Value Mapping to save the tokens.
Do you need both access token & refresh token for your scenario? If you are using Rest Pooling then you can have a fresh access token every 20-25 min.
Thanks
Ankit
Add a comment
-
Posted on Oct 15, 2019 at 09:55 AM
Hi,
Refresh token sadly not possible. I find Evgeniy Kolmakov solution suitable enough.
Sad, but not many optimized solutions available here.
Regards,
Vikas
Add a comment
-
Posted on Oct 16, 2019 at 08:34 AM
Hi Rajesh,
This is a good question. I actually thought that the REST Receiver adapter caches the token by itself (there is a checkbox for it). Are you not using this adapter or does it not fulfill your requirement?
I had a similar requirement but for a SOAP API where I had to pass the token in the SOAP Header. I wrote a UDF which fetched the token in the first request and stores it in the value mapping cache together with a timestamp. In the subsequent requests it loads and compares the timestamp with the current time and only fetches a new token in case the cached token has expired (validity in minutes can be configured as module parameter). I didn't deem the VM store a security risk since access to the VM cache monitor is restricted to PO admins and the scenario does not contain confidential data. But maybe one could also consider encrypting the stored token?
Anyway, you are looking for another approach. So maybe this helps in case you don't know it yet: I recently came across a very interesting article about this topic that seems to use an internal PO class called MessageIDMapper which was so far unknown to me. The solution makes use of these methods to store the token to PO internal tables. Maybe that helps.
Philippe
Add a comment
Add a comment