
While it is clear how to define a new OAuth registration that applies to multiple services, the SAP-provided WS Cookbook gives no information on how to initiate an OAuth handshake scoped to multiple web services.

Some introductory info:

The ‘scope’ parameter is not defined by the OAuth 1.0 RFC. This makes it mandatory for the implementation to provide full details and documentation.

Unfortunately, the WS Cookbook is more ‘documentation-by-example’ than full documentation of the design.

Investigation:

Looking closely at the SAP implementation of REST/OAuth, we can see that it is based on CXF and uses CXF’s OAuthUtils for OAuth version 1.0:


List<String> scopes = org.apache.cxf.rs.security.oauth.utils.OAuthUtils.parseParamValue(oAuthMessage.getParameter("scope"), null);

CXF itself (v2.6.1) uses a simple StringTokenizer to separate scopes, and the defined separator is " " (a single space):


StringTokenizer tokenizer = new StringTokenizer(paramValue, " ");

Conclusion:

After defining an OAuth registration scoped to multiple web services, the handshake initiation request can carry multiple scopes, separated by a space.

Example:

OAuth Definition

[Screenshot: 2016-08-23 14_38_39.png]

OAuth Handshake

[Screenshot: 2016-08-23 14_43_02-Postman.png]

Bogdan
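
The following is an added example, not code from the original post, SAP or CXF. It splits a scope value with the same space-delimited StringTokenizer rule quoted above, shows that a comma-separated value stays a single token, and percent-encodes the value for the request. The scope names SERVICE_A, SERVICE_B and SERVICE_C and the client-side `registered` set are hypothetical, constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;

public class MultiScopeExample {

    // Same splitting rule the post quotes from CXF 2.6.1: a space is the only delimiter.
    static List<String> parseScopes(String paramValue) {
        List<String> scopes = new ArrayList<String>();
        if (paramValue == null) {
            return scopes;
        }
        StringTokenizer tokenizer = new StringTokenizer(paramValue, " ");
        while (tokenizer.hasMoreTokens()) {
            scopes.add(tokenizer.nextToken());
        }
        return scopes;
    }

    // OAuth 1.0 percent-encoding (RFC 5849, section 3.6): a space becomes %20, never '+'.
    static String percentEncode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, "UTF-8")
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample values (assumption): scopes covered by the OAuth registration.
        Set<String> registered = new LinkedHashSet<String>(
                Arrays.asList("SERVICE_A", "SERVICE_B", "SERVICE_C"));
        String scopeParam = "SERVICE_A SERVICE_B";

        List<String> requested = parseScopes(scopeParam);
        System.out.println("parsed scopes: " + requested);
        // Least privilege: request only scopes that the registration actually covers.
        if (!registered.containsAll(requested)) {
            throw new IllegalArgumentException("scope not covered by registration: " + requested);
        }
        // A comma is not a separator, so this value stays one (unknown) scope.
        System.out.println("comma-separated: " + parseScopes("SERVICE_A,SERVICE_B"));
        // Value as sent in the query string or form body of the handshake request.
        System.out.println("scope=" + percentEncode(scopeParam));
    }
}
```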
