
How to use OAuth option in SAP PO 7.5

chetan_risbud
Participant

Hello Experts,

I need help to configure the below scenario in an SAP PO 7.5 system.
I want to establish a connection with AWS server based APIs using the REST adapter provided by SAP.

This is a 2-step method.

1 - Call the token URL by giving a specific (fixed) header.
This URL will return a token number and expiry time like below:

{
  "access_token": "eyJraWQiOiJpen..........",
  "expires_in": 3600,
  "token_type": "Bearer"
}

2 - Call the API to post the main JSON payload with the access token received from the token API as a header.

I have currently configured REST receiver channel as below.

My question is how caching works and how to use the token which is received from the token API.

Regards,
Chetan Risbud

chetan_risbud
Participant
0 Kudos

engswee.yeoh michal.krawczyk2 - Can you please help?

Accepted Solutions (0)

Answers (1)

former_member190293
Active Contributor

Hi!

The HTTP header in the format "Authorization: Bearer <access_token>" is added by the adapter itself to the request headers.

Token caching is also provided by the adapter using the parameter "expires_in", which is returned by the authorization server.

Regards, Evgeniy.

chetan_risbud
Participant
0 Kudos

evgeniy.kolmakov - Thanks for the inputs.

So I don't have to write anything explicitly in the "HTTP header" tab?

But in my case the HTTP header is "x-auth-token = Bearer <access token>" and not "Authorization = Bearer <access token>".

Regards,
Chetan Risbud

former_member190293
Active Contributor
0 Kudos

Hi!

You might refer to the SAP Note: 2405166 - New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants for a better understanding of the process of getting an access token.

This note, in turn, refers to the RFC6749 and RFC6750 specifications, where the rules for retrieving and further using the access token are defined:

  1. You can choose from the following grant flows:
  2. You can configure how to use the received access token as defined in https://tools.ietf.org/html/rfc6750. Select the following values for the field "Use credentials and Oauth 2.0 access token as":
    • HTTP Header - adds the access token to the request HTTP headers in the following format: "Authorization: Bearer <access_token>"
    • Query Parameter - adds the access token to the resource URL in the following format: http://<host>:<port>/<resource_path>?access_token=<access_token_value>;
    • Important Note: Sending access token as "Form-Encoded Body Parameter" is not supported!

At first sight I couldn't see a way to use the retrieved access token outside the internal OAuth authorization process flow implemented in the REST adapter (strictly according to the specifications mentioned above), unless its value is stored in some dynamic REST attribute, which could be used in the HTTP header value pattern.

Regards, Evgeniy.
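
The caching behaviour discussed in this thread (reuse the token until "expires_in" elapses) combined with a configurable header name such as "x-auth-token", as an added Python example that is not part of the original posts and not SAP's adapter code. TokenCache, auth_headers, the 60-second early-refresh margin and the fake token endpoint are assumptions made for illustration.

```python
import time


class TokenCache:
    """Caches an OAuth 2.0 access token until shortly before it expires."""

    def __init__(self, fetch_token, clock=time.monotonic, skew=60):
        self._fetch = fetch_token  # callable returning the token endpoint's JSON as a dict
        self._clock = clock
        self._skew = skew          # assumed margin: refresh this many seconds early
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            # RFC 6749 makes expires_in optional; a missing value means "do not cache".
            lifetime = int(resp.get("expires_in", 0))
            self._token = resp["access_token"]
            self._expires_at = now + max(lifetime - self._skew, 0)
        return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after the API answers 401."""
        self._token = None


def auth_headers(token, header_name="Authorization"):
    """Build the request header; header_name covers APIs that expect x-auth-token."""
    return {header_name: f"Bearer {token}"}


# Constructed stand-ins so the example runs offline: a settable clock and a fake endpoint.
class FakeClock:
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def make_fake_endpoint():
    calls = {"n": 0}

    def fetch():
        calls["n"] += 1
        return {"access_token": f"constructed-token-{calls['n']}",
                "expires_in": 3600, "token_type": "Bearer"}
    return fetch, calls
```

In a real client, fetch_token would POST to the token URL over TLS, and the token value should be kept out of logs and traces.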