
SAP ABAP AS Netweaver 7.5 oData oAuth with external IdP and SAML 2.0

nikos_c
Explorer
0 Kudos

Dear experts,

We are currently in the process of implementing the following scenario:

1. We want to create a web application (HTML5) that needs to fetch data from an odata service of our SAP ABAP NW 7.5 back-end system.

2. This web application needs to authenticate with an external identity provider first (auth0)

3. After authentication has been completed, we want to access the back-end odata service for retrieval of the data

4. We would like to implement the oauth 2.0 authentication/authorization concept using JWT tokens for authentication

For this reason, we have tried following the information on these blogs:

Leave Requests with a HTML5 based Web Application

Mobile Leave Request Approvals on Android

We have declared in SAML2 our oauth identity provider.

We have also created in SOAUTH2 a respective client (system user), linked him with our odata service scope and stated that this client is connected with our trusted external oauth IdP.

We have also exposed our token endpoint.

However, we are struggling to perform a test in order to check if our configuration is correct.

We have currently performed the following:

1. The web application has successfully logged in with the external idp and received an access token

2. How do we push this token (JWT) to the SAP ABAP AS in order to continue with the bearer assertion?

Is there a defined SAML endpoint that performs such an action in order to POST a Bearer assertion request, or do we need to manually create one?

Finally, when trying to access the odata service by hitting it directly from the browser, the service keeps asking us for a user name and password, even though we have created an oauth scope for it. Is this the correct behaviour?

Any help will be appreciated!

Thank you very much in advance.
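The request asked about in step 2, as an added example that is not part of the original post and is not SAP or auth0 code: the OAuth 2.0 SAML bearer grant (RFC 7522) posts a base64url-encoded SAML 2.0 assertion, not the IdP's JWT, to the token endpoint, and the returned access token is then sent as a Bearer header on the OData call. The token URL, client id, scope name and the use of HTTP Basic for client authentication are assumptions, and the code is written for a server-side Node.js component.

```javascript
// Added example. All hosts, ids, scopes and assertions passed in are
// caller-supplied; nothing here is taken from the thread's system.
const SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"; // RFC 7522

// A JWT is three base64url segments joined by dots; a SAML assertion is XML.
function looksLikeJwt(s) {
  return /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/.test(s.trim());
}

// base64url without padding, as RFC 7522 section 2.1 asks for the assertion.
function base64url(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Build (but do not send) the token request that exchanges a SAML 2.0
// assertion for an OAuth access token.
function buildTokenRequest({ tokenUrl, clientId, clientSecret, scope, assertionXml }) {
  if (looksLikeJwt(assertionXml)) {
    throw new TypeError("got a JWT; the saml2-bearer grant needs a SAML 2.0 <Assertion>");
  }
  if (!/<(\w+:)?Assertion[\s>]/.test(assertionXml)) {
    throw new TypeError("input does not contain a SAML <Assertion> element");
  }
  const body = new URLSearchParams({
    grant_type: SAML2_BEARER,
    assertion: base64url(assertionXml),
    client_id: clientId,
    scope,
  });
  return {
    url: tokenUrl,
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      // Assumption: the OAuth client (system user) authenticates with HTTP Basic.
      Authorization: "Basic " + Buffer.from(`${clientId}:${clientSecret}`).toString("base64"),
    },
    body: body.toString(),
  };
}

// Headers for the OData call once the token endpoint has returned access_token.
function odataHeaders(accessToken) {
  return { Authorization: `Bearer ${accessToken}`, Accept: "application/json" };
}
```

A request typed directly into the browser address bar carries no such Bearer header, so the OAuth scope alone does not authenticate it.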

naveenkurmadas
Explorer
0 Kudos

Hi Nikolaos,

Did you find a solution for this? We are trying the same and hit a roadblock while testing. How did you generate the SAML assertion from the JWT of an external IdP?

Regards,

Naveen

Accepted Solutions (0)

Answers (3)


nikos_c
Explorer
0 Kudos

Hi!

Unfortunately, I have searched the forum and found out that usage of JWT was not possible.

I have managed to execute a scenario, though, using auth0 as an intermediary.

They have already built APIs that let you authenticate with an IdP and also then have SAP serve as a service provider.

I hope this helped!

0 Kudos

Hi Nikolaos, were you able to find an answer / potential solution for the scenario you are describing? I have the exact same scenario and cannot seem to find something which guides me.
