Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to use Application based permission type in OAuth authentication in SAP ABAP?

former_member694960
Discoverer

‎10-09-2020 1:50 PM

0 Kudos

Hi,

We have ABAP application to get the data from the exchange online server(Microsoft EWS) and for this, We have used the EWS web-service and Basic authentication(RFC). But we want to change authentication type from RFC to OAuth 2.0.

I have already implemented OAuth 2.0 in SAP ABAP and it is user/Delegation based. The problem with this permission type is, Every user has to login individually and request for the access token and also some of the feature is not working. So the alternative is to use the Application based permission type. Is it feasible in SAP ABAP?.


Application based means, their will be one token(it will be requested by the administrator) and this token will be used by all the user for authentication.

is SAML 2.0 bearer assertion an alternative ?


Your suggestion would be very helpful. Please assist me.


Best Regards,

Sanjay Naik.

5 REPLIES 5

former_member612251
Participant

‎10-17-2020 10:45 PM

0 Kudos

This should work if I understand the requirement correctly. The services would be authenticating with OAuth and the users would be using the SAML Bearer to authenticate to maintain the audit trail. As long as the users are in the IDP that has been trusted with the SP (ABAP) then it should work. They couldnt use the same token as such but they would use the SAML to authenticate.

former_member694960
Discoverer
In response to Private_Member_467521

‎10-27-2020 11:44 AM

HI luedazfr1

Thanks for your suggestion.

SAML will not be suitable for our application. So we are using the OAuth 2.0 Auth code grant and Oauth 2.0 Client credentials grant. Both the flow is working,But in both the flow we need to send the client secret(This we will get from Microsoft Azure) while requesting the access token code. I don't know, how to send the client secret. is it to be encrypted?. In the Microsoft documentation it is given that, client secret should be URI encoded.

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

Best Regards,

Sanjay

Private_Member_467521
Active Contributor
In response to Private_Member_467521

‎10-27-2020 12:59 PM

0 Kudos

Greetings sanjay_naik,

Our fellow community member Divya Mary has created this blog, which should shed a light for your topic on how to send the client secret.

Secure connectivity (OAuth) to SAP Cloud Platform Integration

https://blogs.sap.com/2018/03/12/part-1-secure-connectivity-oauth-to-sap-cloud-platform-integration/

Cheers,

Luis

jakob_steen-petersen
Active Participant

‎01-03-2023 9:52 AM

0 Kudos

Hi Sanjay

I know this is an old post. But did you manage to connect to EWS with oAuth withput having each user loggin in?