cancel
Showing results for 
Search instead for 
Did you mean: 

Job Scheduler on Cloud Foundry to access onpremise destination

WRoeckelein
Active Participant
0 Kudos

Hi all,

I want to use the Job Scheduler service on Cloud Foundry. A user should be able to issue an OAuth 2.0 Authorization Code Grant after authenticating with an IdP (eg via SAML 2.0) so in the future a repeating job will be able to access a onpremise destination on behalf of the user with principal propagation.

The job and the application should preferable be implented as a node.js application.

Unfortunatly I was not able to locate a documentation detailling the necessary steps to use an OAuth 2.0 Authorization Code Grant for such a scenario.

How can an application retrieve, store and use the per-user access and refresh tokens or is this handled automatically by some framework?

On the examples I see an application router component used with node.js applications on cloud foundry. However this only deals with current requests of the currently logged in user and not with future background access after the initial interaction with the user has ended.

Thanks for any help in this area!

Regards.

Wolfgang

Accepted Solutions (0)

Answers (5)

Answers (5)

WRoeckelein
Active Participant
0 Kudos

Hi afeeroz7 ,

unfortunatly I had so far no time to try this, but according to the page I linked you should be able to obtain a refresh token, store this token and use in the job to exchange it into an access token for the destination service. This is for onpremise destinations.

For cloud destinations you could look at https://blogs.sap.com/2019/05/27/sap-cloud-platform-backend-service-tutorial-21-api-called-from-inte... but you need to again store the refresh token obtained and use it later in th job to retrieve an access token.

Regards,

Wolfgang

0 Kudos

Hi Wolfgang,

Did you find any solution to this problem. I am trying to schedule a REST endpoint as a job which will be called once a day. The REST enpoint however is protected with an oAuth authorization. So, when the scheduler tries to hit the service, it can only reach the login page.

Thanks

Arshad

WRoeckelein
Active Participant
0 Kudos

ok, it seems for accessing an onpremise destination later on there is now the "Principal Propagation via User Exchange Token" cf. https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/39f538ad62e144c58c056ebc34b... available.

WRoeckelein
Active Participant
0 Kudos

Hi Sharadha,

thanks for the link, I was aware of this section but this does not help me with this problem. This just ensures that the job is run on behalf of the requesting application, but I want inside the job make an access to an onpremise destination with the credentials of an user obtained by an OAuth 2.0 Authorization Code Grant.

Regards,

Wolfgang

Sharadha1
Active Contributor
0 Kudos

Hi,

Did you check the FAQ section of the service - https://help.sap.com/viewer/07b57c2f4b944bcd8470d024723a1631/Cloud/en-US/d72c276ec60c4bbe89c0b9328a9... under 'OAuth 2.0 Authentication Mechanism'? It might be of some help.


-Sharadha