Skip to Content
0
Apr 15, 2022 at 07:10 AM

The redirect_uri has an invalid domain when invoking Workflow Inbox API for Cloud Foundry

1082 Views Last edit Apr 15, 2022 at 09:33 AM 2 rev

Hello Experts,

What we are doing is to retrieve user tasks from workflow service and display it in a centralized inbox (Unified Inbox). Unified Inbox is located in on-premise SAP system.
The Inbox API provides the functionality for building "own inbox" capabilities on top of SAP Workflow service and only supports OAuth2 Authorization Code.

https://api.sap.com/api/SAP_CP_Workflow_TCM_CF/overview

That means, we will call workflow inbox API in ABAP system with OAuth2 Authorization Code flow. We are following the wiki page to do the OAuth configuration.
https://wiki.scn.sap.com/wiki/display/Security/Access+SAP+Hana+Cloud+Platform+using+the+OAuth+2.0+Client+API#AccessSAPHanaCloudPlatformusingtheOAuth2.0ClientAPI-TableofContents

The OAuth configuration in S/4HANA on-premise is already finished with tcode "OA2C_CONFIG". The redirection URI server is the server itself and redirection URI is generated automatically.

The redirect uri: https://<S4HANA server>/sap/public/bc/sec/oauth2/client/redirect?sap-client=011

2022-04-15-14h55-49.png


When requesting OAuth 2.0 tokens in S/4HANA with tcode "OA2C_GRANT", I can see the login page. After I input user credentials, the authentication is completed but I got an error message "The redirect_uri has an invalid domain".

2022-04-15-14h37-52.png

In BTP Neo environment, it is possible to set redirection URL in oauth configuration. In Cloud Foundry, it is available to do it with oauth configuration when creating or updating xsuaa service instance. But the problem is I get uaa information from workflow service instance not from xsuaa service instance.

My question is:

  • Is this scenario supported by workflow?
  • How can I add redirection URL in Cloud Foundry environment?

Regards,
Jerry Zhang

Attachments