Many companies offering cloud services provide RESTful web APIs secured with OAuth 2.0, and you could think of many integration scenarios in which these APIs could be used in ABAP programs. If you are working on an integration scenario that involves accessing OAuth 2.0-secured RESTful web APIs from an AS ABAP, you can use the new OAuth 2.0 Client.
First, it takes care of storing OAuth 2.0 tokens and client secrets in the secure store. Second, it offers an easy-to-use API to initiate the OAuth 2.0 protocol flows and use a user's OAuth 2.0 tokens in HTTP requests. The following examples describe step by step how you can implement access from an AS ABAP to a web service secured with OAuth 2.0.
The article "The OAuth 2.0 authorization code grant type" provides a short overview of the supported OAuth 2.0 grant type. It also outlines how this grant type can be triggered in the AS ABAP and how OAuth 2.0 tokens can be used in ABAP programs.
Integration Scenario examples
The following examples give an impression of possible integration scenarios:
- SAP HANA Cloud Platform, the in-memory Platform-as-a-Service offering from SAP, lets you build, extend and run applications on SAP HANA in the cloud. One typical integration scenario is therefore to seamlessly extend cloud and on-premise applications in SAP HANA Cloud Platform. [1, 2] SAP HANA Cloud Platform lets you secure deployed applications with OAuth 2.0 in a simple way, handling authentication and authorization.
- Google offers its cloud services via Google APIs. Examples of Google APIs are the Gmail and Calendar APIs, which allow access to a Google account's email and calendar information. Another example is the Drive API, which allows access to a Google account's cloud storage. Besides these examples, Google offers many other Google APIs. Most of these rely on OAuth 2.0 for authentication and authorization.
- Similarly, Microsoft allows access to services provided in the Microsoft Azure Cloud to be secured with OAuth 2.0. [5, 6] Examples are Azure Active Directory or Office 365. Azure Active Directory provides identity and access management functionality. In this way it helps to secure access to other services provided by Microsoft Azure.
- Another example is Facebook, which uses OAuth 2.0 to secure access to its Social Graph API. Here one could think of many integration scenarios for accessing the Facebook Social Graph API from an ABAP system.
The following implementation examples describe step-by-step how the above integration scenarios could be implemented:
- SAP HANA Cloud Platform application - This scenario describes how to secure the connection from the AS ABAP to a web service deployed in the SAP HANA Cloud Platform using the OAuth 2.0 Client. It shows the configuration of the OAuth 2.0 Client and its use in a short demo program.
- Google Calendar API - This scenario describes access to a user's Google Calendar to demonstrate access using OAuth 2.0. Most other Google APIs are also OAuth 2.0 enabled, so this description can easily be transferred to other scenarios. Google uses a few additional parameters that are not defined in the IETF RFC 6749 "The OAuth 2.0 Authorization Framework". In comparison to the SAP HANA Cloud Platform example, this scenario therefore requires a few additional development tasks. It describes how you can extend the OAuth 2.0 Client so that it correctly sets these required parameters and supports the integration with Google's APIs.
- Windows Azure Active Directory API - This scenario demonstrates how you can access OAuth 2.0 protected APIs offered by Microsoft Azure. Other Microsoft cloud offerings, e.g. Office 365, also use OAuth 2.0 to protect their APIs. As with Google, Microsoft Azure requires a few additional parameters. This scenario shows in detail how you can extend the OAuth 2.0 Client to call Microsoft's OAuth 2.0 implementation correctly.
- Facebook Graph API - This scenario shows how you can implement OAuth 2.0 protected access to Facebook's Graph API from an AS ABAP using the OAuth 2.0 Client. Facebook has not defined any additional parameters required to execute the OAuth 2.0 protocol flows, but some parameter names differ from RFC 6749. Therefore this scenario describes how to adjust the OAuth 2.0 Client to Facebook's implementation.
- The OAuth 2.0 Client is available from AS ABAP 7.40 SP08.
- Note 2043775 must be applied.