Skip to Content

Our customer has  one requirement: SAP ECC sent  ads vendor data to Salesforce system with Rest.

We call know that to call Salesforce service, we need a token.

We need to send the data to Salesforce to get token:

grant_type:
client_id:
client_secret:
username:
password:

Test it with SOAPUI, we get token from response:

Then add token to the Header when call Salesforce services:

we can complete this in PO REST adapter:

But how to get the token dynamicly?
a lots of ways:

Write java mapping program?

Write a lookup function?

Design another interface and save the parameters in ECC system?

Design a complex iflow …

Can I use configuration? did a search but no anwser.

Our PO system is 7.5 with support package 7, there three options for OAuth:

Choose OAuth 2.0 Grant Tye Flow:

There are two options, we have parameter grant_type=password in SOAPUI.

Which one is for me?

After I hack into the codes of Rest Adapter and find out:

Resouce Owner Password Credentials Grant = password

Client Credentials Grant =  client_credentials

Then I have to fill all the fields:

I can tell you:

Resource Owner Client ID = client_id

Resource Owner Username = username

Resource Owner Password = password

Authorization Server Username & Password is  not used in the codes! And Salesforce  don’t give me these parameters.

Then do a test, not lucky.

Response message is :

Error while processing Authorization request! 
[EXCEPTION] 
com.sap.aii.adapter.rest.ejb.common.exception.HttpCallException: HTTP OAUTH 2.0 CLIENT CREDENTIALS GRANT call to https://test.salesforce.com:443/services/oauth2/token not successful. Error while obtaining authorization code - response code: 400 
response: 
{"error":"invalid_client","error_description":"invalid client credentials"}

 

There is no field for client_secret.

Ok, add ‘client_secret=……’ to Authorization Server URL,  end with ‘&’:

 

Look into the debug info, it works out:

I’m so happy to resolve the problem.Maybe SAP should provide more detail information about each function.We tried so many times.

Later I get this note from SAP support, https://launchpad.support.sap.com/#/notes/2405166 New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants.
It is very helpfull.

To report this post you need to login first.

5 Comments

You must be Logged on to comment or reply to a post.

  1. Vadim Klimov

    Hello Shen,

    Thank you a lot for sharing this valuable functionality of the REST adapter – it is truly demanded by the community, and before having it in standard, various solutions required custom development or usage of 3rd party components (such as adapters). Revealing a new feature and providing a real life use case for the introduced functionality is helpful and very appreciated.

    In my opinion, it would also be worth mentioning a SAP Note 2405166, which contains description of relevant adapter configuration parameters and references to the corresponding specifications of OAuth 2.0 framework (defined in RFCs 6749 and 6750) that might be useful for understanding available and supported grants an their usage.

    Regards,

    Vadim

    (0) 
    1. Shen Peng Post author
      Thanks for your reply.
      I have read this note, very helpfull.
      2405166 – New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants
      I think it is not applied for Salesforce at the moment.
      (0) 
  2. Office Anodius

    Great article!  Just released a cool app WebServicer – integrate Salesforce.com to SAP or any other external system or application via SOAP WebServices. All without a line of code and most importantly – without any middleware!

     

    (0) 
  3. Chris Probert

    Hi Shen

    Thanks for your excellent blog, very useful. I had one further question – we are looking to implement this new functionality but a question has come up about token caching. From your experience do you know if the new functionality of the REST adapter supports this? And does it support use of refresh tokens? Or does it send a new auth request for every message processed regardless of token expiration times?

    Many thanks

    Chris

    (0) 

Leave a Reply