Hello Experts,
What we are doing is to retrieve user tasks from workflow service and display it in a centralized inbox (Unified Inbox). Unified Inbox is located in on-premise SAP system.
The Inbox API provides the functionality for building "own inbox" capabilities on top of SAP Workflow service and only supports OAuth2 Authorization Code.
https://api.sap.com/api/SAP_CP_Workflow_TCM_CF/overview
That means, we will call workflow inbox API in ABAP system with OAuth2 Authorization Code flow. We are following the wiki page to do the OAuth configuration.
https://wiki.scn.sap.com/wiki/display/Security/Access+SAP+Hana+Cloud+Platform+using+the+OAuth+2.0+Client+API#AccessSAPHanaCloudPlatformusingtheOAuth2.0ClientAPI-TableofContents
The OAuth configuration in S/4HANA on-premise is already finished with tcode "OA2C_CONFIG". The redirection URI server is the server itself and redirection URI is generated automatically.
The redirect uri: https://<S4HANA server>/sap/public/bc/sec/oauth2/client/redirect?sap-client=011

When requesting OAuth 2.0 tokens in S/4HANA with tcode "OA2C_GRANT", I can see the login page. After I input user credentials, the authentication is completed but I got an error message "The redirect_uri has an invalid domain".

In BTP Neo environment, it is possible to set redirection URL in oauth configuration. In Cloud Foundry, it is available to do it with oauth configuration when creating or updating xsuaa service instance. But the problem is I get uaa information from workflow service instance not from xsuaa service instance.
My question is:
Regards,
Jerry Zhang