Author: Bogdan Toma

Scoping single OAuth registration to multiple Web Services

While it is clear how to define a new OAuth registration that applies to multiple services, the SAP-provided WS Cookbook gives no information on how to actually initiate an OAuth handshake scoped to multiple web services.

Some introductory info:

The 'scope' parameter is not defined by the OAuth 1.0 RFC. This makes it mandatory for the implementation to provide full details and documentation.

Unfortunately, the WS Cookbook is more 'documentation-by-example' than a full documentation of the design.


Looking closely at the SAP implementation of REST/OAuth, we can see that it is based on CXF and uses CXF's OAuthUtils for version 1.0:

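// oAuthMessage is the incoming OAuth request (variable name assumed)
List<String> scopes = OAuthUtils.parseParamValue(oAuthMessage.getParameter("scope"), null);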

CXF itself (v2.6.1) uses a simple StringTokenizer to separate scopes, and the defined separator is " " (space).

StringTokenizer tokenizer = new StringTokenizer(paramValue, " ");


After defining an OAuth registration scoped to multiple web services, the handshake init can receive multiple scopes separated by a space.
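The splitting rule above, paired with a check that every requested scope is covered by the registration. This is an added example, not SAP's or CXF's code. The service names are constructed placeholders, and rejecting unregistered scopes is an assumption about how a server would enforce the registration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;

public class ScopeCheck {

    // Same splitting rule the post quotes from CXF: StringTokenizer with " " as delimiter.
    static List<String> parseScopes(String paramValue) {
        List<String> scopes = new ArrayList<>();
        if (paramValue != null) {
            StringTokenizer tokenizer = new StringTokenizer(paramValue, " ");
            while (tokenizer.hasMoreTokens()) {
                scopes.add(tokenizer.nextToken());
            }
        }
        return scopes;
    }

    // Scopes requested in the handshake that the registration does not cover.
    static Set<String> unregistered(List<String> requested, Set<String> registered) {
        Set<String> extra = new LinkedHashSet<>(requested);
        extra.removeAll(registered);
        return extra;
    }

    public static void main(String[] args) {
        // Constructed sample data: placeholder service names, not SAP identifiers.
        Set<String> registered =
                new LinkedHashSet<>(Arrays.asList("OrderService", "CustomerService"));
        String[] samples = {
            "OrderService CustomerService", // two scopes separated by one space
            "OrderService,CustomerService", // comma is not a separator: parsed as one scope
            "OrderService  AdminService",   // repeated spaces yield no empty tokens
            ""                              // no scope requested
        };
        for (String raw : samples) {
            List<String> requested = parseScopes(raw);
            Set<String> extra = unregistered(requested, registered);
            System.out.printf("%-32s -> %s %s%n", "\"" + raw + "\"", requested,
                    extra.isEmpty() ? "OK" : "REJECT " + extra);
        }
    }
}
```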


[Screenshot: OAuth Definition]

[Screenshot: OAuth Handshake (Postman)]

