Shen Peng

SAP PO Rest Integration with Salesforce (OAuth)

Our customer has one requirement: SAP ECC sends ads vendor data to the Salesforce system via REST.

We all know that to call a Salesforce service, we need a token.

We need to send the following data to Salesforce to get a token:

grant_type:
client_id:
client_secret:
username:
password:

Testing it with SoapUI, we get the token from the response:

Then add the token to the header when calling Salesforce services:

We can complete this in the PO REST adapter:

But how do we get the token dynamically?
There are lots of ways:

Write java mapping program?

Write a lookup function?

Design another interface and save the parameters in ECC system?

Design a complex iflow …

Can I use configuration? I did a search but found no answer.

Our PO system is 7.5 with support package 7; there are three options for OAuth:

Choose OAuth 2.0 Grant Type Flow:

There are two options; in SoapUI we used the parameter grant_type=password.

Which one is for me?

After digging into the code of the REST adapter, I found out:

Resource Owner Password Credentials Grant = password

Client Credentials Grant = client_credentials

Then I have to fill all the fields:

I can tell you:

Resource Owner Client ID = client_id

Resource Owner Username = username

Resource Owner Password = password

Authorization Server Username & Password are not used in the code! And Salesforce doesn’t give me these parameters.

Then I ran a test, with no luck.

Response message is :

Error while processing Authorization request! 
[EXCEPTION] 
com.sap.aii.adapter.rest.ejb.common.exception.HttpCallException: HTTP OAUTH 2.0 CLIENT CREDENTIALS GRANT call to https://test.salesforce.com:443/services/oauth2/token not successful. Error while obtaining authorization code - response code: 400 
response: 
{"error":"invalid_client","error_description":"invalid client credentials"}

 

There is no field for client_secret.

OK, add ‘client_secret=……’ to the Authorization Server URL, ending with ‘&’:

 

Looking into the debug info, it works:

I’m so happy to have resolved the problem. Maybe SAP should provide more detailed information about each function. We tried so many times.

Later I got this note from SAP support: https://launchpad.support.sap.com/#/notes/2405166 New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants.
It is very helpful.
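
The token request, error handling and header step described above, sketched in Python as an added example (not code from this post or from SAP's REST adapter). It sends all five parameters in the form-encoded POST body rather than in the URL, and masks secrets in any URL that still carries them before logging; the function names and sample values are constructed for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Token endpoint host taken from the error message quoted in the post.
TOKEN_URL = "https://test.salesforce.com/services/oauth2/token"
SECRET_KEYS = {"client_secret", "password"}


def build_token_request(client_id, client_secret, username, password):
    """Return (url, headers, body) for a grant_type=password token request.

    Every parameter travels in the POST body, so the URL carries no secret.
    urlencode() percent-encodes reserved characters exactly once, e.g. a
    '%' in the password becomes '%25'; pass the raw password in.
    """
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, body


def redact_url(url):
    """Mask secret query parameters before a URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "***" if k in SECRET_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe="*")))


def parse_token_response(status, text):
    """Return the Authorization header for later calls, or raise on error."""
    data = json.loads(text)
    if status != 200 or "access_token" not in data:
        # e.g. the invalid_client response shown in the post
        raise RuntimeError(f"{data.get('error')}: {data.get('error_description')}")
    return {"Authorization": f"Bearer {data['access_token']}"}
```
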


      14 Comments
      Vadim Klimov

      Hello Shen,

      Thank you a lot for sharing this valuable functionality of the REST adapter - it is truly demanded by the community, and before having it in standard, various solutions required custom development or usage of 3rd party components (such as adapters). Revealing a new feature and providing a real life use case for the introduced functionality is helpful and very appreciated.

      In my opinion, it would also be worth mentioning SAP Note 2405166, which contains a description of relevant adapter configuration parameters and references to the corresponding specifications of the OAuth 2.0 framework (defined in RFCs 6749 and 6750) that might be useful for understanding available and supported grants and their usage.

      Regards,

      Vadim

      Shen Peng
      Blog Post Author
      Thanks for your reply.
      I have read this note, very helpful.
      2405166 – New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants
      I think it is not applied for Salesforce at the moment.
      Rashmi Joshi

       

      Nice blog. I am also working on similar requirement. However we are on PI 7.4…

      When I checked SOAP UI with URL - 

      https://xxxxxxxx.cs91.my.salesforce.com/services/oauth2/token?grant_type=password&client_id=<client_id>&client_secret=<client_secret>&username=<username>&password=<password>

       

      I don't see anything in the request message; instead, values are passed as a query to the URL.

       

      How to achieve this in PI?

       

      Please help.

       

      BR,

      Rashmi

      Chris Probert

      Hi Shen

      Thanks for your excellent blog, very useful. I had one further question - we are looking to implement this new functionality but a question has come up about token caching. From your experience do you know if the new functionality of the REST adapter supports this? And does it support use of refresh tokens? Or does it send a new auth request for every message processed regardless of token expiration times?

      Many thanks

      Chris

      KARUNAKAR ADAPA

      Hi Shen Peng,

       

      Thanks for the very helpful article. We are unable to see access_token; could you please let us know what values to pass for HeaderName & ValuePattern in the HTTPHeaders tab?

       

      Thanks in advance.

      Best Regards,

      Karunakar A

      Brian Byrne

      Hi All,

      Concerning Sharepoint authentication in the cloud (office365) - has anyone connected there yet using standard adapter Sender/REST Polling.  I am going down the route of OAuth but am struggling to figure out the needed parameters and HTTP headers needed.

      7.5 SAP PI Java only SP10.

      Hoping it can be done without the need of custom module development.

      Anurag Jain

      Hello,

      Is it mandatory to provide the Authorization server username and password for grant type flow "Password"? The application with which I want to use the REST receiver adapter does not provide them, just like in your case. Could you please guide me on this?

      Shen Peng
      Blog Post Author

      Please refer to the notes:

      2535623 - OAuth 2.0 call to the authorization server could be of wrong type

      2405166 - New Feature: Support for OAuth 2.0 Client Credentials and Resource Owner Password Credentials Grants

      Keep up to date with the latest SPs.

      Sidharth VR

      Shen,

      Is this Note 2405166 applicable for Salesforce now ?

      Thanks,

      Sidharth VR

      Philippe Addor

      The REST Receiver adapter works with Salesforce, as we just tried. For the “Authorization server username and password” you can enter whatever you want, it’s not used. We just doubled the entries from the fields below (Resource owner user and pass).

       

      Philippe Addor

      VAR Soporte

      Hello.

       

      I followed the steps you have explained, but I can't get the authorization token correctly.

      How do you fill in the Authorization server username and password?

      In the notes you refer to, I don't find an explanation of how to fill in the fields.

      Jason Currey

      Thanks for this post.  Just set this up successfully using the details in Shen's original message.

       

      Two notes:

      • I didn't put the client_secret on the end of the URL - I put it in the additional parameters with parameter type "Query".
      • We had an additional issue caused because our Salesforce account password contained a % sign.  We had to URL encode it before entering it into the password field (i.e. replace % with %25) to get the connection to work.

      Regards,

       

      Jason

       

      Yekbun GUNEY

      Hi All,

      As you may know, PO adds the “Content-Encoding : UTF-8” parameter to the message header by default. In my case Salesforce rejects the Content-Encoding parameter whether I populate it with ‘UTF-8’ or ‘identity’ values.

      I have tried the same case with SOAP UI and the result is the same: 415 Unsupported Media Type. If I remove the Content-Encoding parameter from the message header in SOAP UI, it works fine.

      Did you also face the same issue?

      Thanks in advance.

      Dimitri Sannen

      Hi Yekbun,

      Just out of interest: you integrate with SFDC (Salesforce.com) using a REST adapter. Which version of SAP PI (or PO) do you have?

      Thanks a lot.
      Dimitri