Aug 11, 2021 at 09:44 AM

ABAP 750, OAuth2, Client Credentials Flow --> How to store credentials?

953 Views Last edit Aug 11, 2021 at 09:46 AM 4 rev

Hi All,

We have a 7.50 ABAP NW system and want to connect to an OAuth2-protected web service. The SAP Standard OAuth connectivity for machine-to-machine connectivity (client-credential flow) is only available with S/4 (see e.g. https://blogs.sap.com/2020/12/18/configuring-oauth-2.0-and-creating-an-abap-program-that-uses-oauth-2.0-client-api/). We can of course implement the token mechanism on our own, but for this I need to provide a client_secret.

Now the big question: How do I store the client secret safely?

I am not talking about dumb function modules / classes (like e.g. CL_HARD_WIRED_ENCRYPTOR) which are actually only encoding / decoding, but I want an actual encryption. The only place I am aware of which can safely be used is the "SECSTORE". Unfortunately (as far as I know) it is impossible to define a custom application inside the SECSTORE without modifications, as the SECSTORE BADI (SECSTORE_APPLICATION) is internal, and existing implementations of course do not provide a public getter function.

==> Basically: How do I store a client_id / client_secret in a 750 system?

Thanks,

Timo