Acorel

OAuth client in SAP Commerce

Maikel Bollemeijer, 25 september 2019

In this article we are going to talk about OAuth 2.0: what it is, how it works and how to use it to secure your API in SAP Commerce.

What is OAuth 2.0?

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.

OAuth 2.0 is an industry-standard authorization protocol used to protect HTTP APIs of all kinds. Note that it is an authorization framework, not an authentication protocol: an access token tells the resource server what a client is allowed to access, not who the user is. Authentication on top of OAuth 2.0 is the job of OpenID Connect; in the password flow shown below it is SAP Commerce itself that verifies the user's credentials before it issues the token.

In this article we will not discuss the specification of the protocol itself. If you want to know more about the technical details, the OAuth 2.0 specification (RFC 6749) is the place to start.

Prerequisites

How to create an OAuth client in SAP Commerce

We will focus on a client that uses the password grant: the user supplies a username and password in exchange for an access token. This access token is then sent with every request to the server, and it is what grants the client access to the requested resource.

When you create a new OAuth client you are presented with a creation wizard.

Choose your client ID and client secret and hit Next. The secret is what the client application will present to the token endpoint, so pick a long random value for anything other than a local demo; the 1234 used further down is only for this example.

The next screen lists the remaining client settings.

For this example we only fill in the grant type (password) and the resource ID; these are the only ones we need for now.

Next comes the validity of the access token and of the refresh token, in seconds. Choose values you are comfortable with and hit Done. A short access-token lifetime limits the damage a leaked token can do; the example response below uses 15 seconds, which is fine for a demo but forces a refresh on almost every call in practice.

We have successfully added a new OAuth client to our SAP Commerce application, and it is ready to be used.

So let's use our newly created OAuth client and request an access token from SAP Commerce.

Curl request:

curl -k -X POST 'https://localhost:9002/authorizationserver/oauth/token' \
  -d 'grant_type=password&scope=basic&username=maikel.bollemeijer&password=password&client_id=acorel_client&client_secret=1234'

The parameters are sent as a form-encoded POST body. SAP Commerce also accepts them in the query string, but then the user's password and the client secret end up in access logs, proxy logs and your shell history, so keep them in the body. The -k flag disables certificate verification; that is only acceptable against the local development server with its self-signed certificate, never against a real environment.

Response:

{
"access_token" : "9f7ef668-d725-4302-b60a-8a38cdda202d",
"token_type" : "bearer",
"expires_in" : 15,
"scope" : "basic"
}

We have successfully requested an access token from SAP Commerce. expires_in is the remaining lifetime in seconds; after that the token is rejected and a new one has to be requested (or refreshed, if the client has the refresh_token grant type enabled). Until then we can use it in our other requests by sending it in the Authorization header as a Bearer token.

For example on /basesites:

curl -k -X GET "https://localhost:9002/rest/v2/basesites?fields=DEFAULT" -H "accept: application/json" -H "authorization: Bearer 9f7ef668-d725-4302-b60a-8a38cdda202d"

As a response we are greeted with the following JSON.

{
"baseSites" : [ {
"channel" : "B2C",
"defaultLanguage" : {
"active" : true,
"isocode" : "en",
"name" : "English",
"nativeName" : "English"
},
"locale" : "en_GB",
"name" : "Apparel Site UK",
"theme" : "alpha",
"uid" : "apparel-uk"
}, {
"channel" : "B2C",
"defaultLanguage" : {
"active" : true,
"isocode" : "de",
"name" : "German",
"nativeName" : "Deutsch"
},
"locale" : "en_GB",
"name" : "Apparel Site DE",
"theme" : "alpha",
"uid" : "apparel-de"
}, {
"channel" : "B2C",
"defaultLanguage" : {
"active" : true,
"isocode" : "en",
"name" : "English",
"nativeName" : "English"
},
"locale" : "en_GB",
"name" : "Electronics Site",
"theme" : "alpha",
"uid" : "electronics"
}, {
"channel" : "B2C",
"defaultLanguage" : {
"active" : true,
"isocode" : "en",
"name" : "English",
"nativeName" : "English"
},
"name" : "Spartacus Electronics Site",
"theme" : "",
"uid" : "electronics-spa"
} ]
}
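To show the two steps above end to end, here is an added example that is not part of the original article or of SAP Commerce's own code: a small Python client that performs the password grant against /authorizationserver/oauth/token, sends client_secret and the user's password in the POST body rather than the query string, attaches the token as a Bearer header when calling /rest/v2/basesites, and falls back to grant_type=refresh_token once the access token has expired. The refresh step assumes the client was created with both the password and the refresh_token grant types; with only password enabled the refresh request is rejected. The FakeCommerceServer class is a constructed stand-in that mimics the article's responses so the code runs offline; the client IDs, secrets, usernames and token values are the ones from the article, everything else (class and method names) is this example's own.

```python
import json
import time
from typing import Dict, List
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen


def urllib_transport(method, url, headers, body):
    """Real HTTPS transport; certificate verification stays on (no equivalent of curl -k)."""
    req = Request(url, data=body, headers=headers, method=method)
    with urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()


class CommerceOAuthClient:
    """Password-grant client for the SAP Commerce authorization server. `transport` is any
    callable (method, url, headers, body) -> (status, body), so the class can run offline."""

    TOKEN_PATH = "/authorizationserver/oauth/token"

    def __init__(self, base_url, client_id, client_secret, transport=urllib_transport, clock=time.time):
        self.base_url = base_url.rstrip("/")
        self.client_id, self.client_secret = client_id, client_secret
        self._transport, self._clock = transport, clock  # clock is injectable for expiry tests
        self._access_token = self._refresh_token = None
        self._expires_at = 0.0

    def _token_request(self, form: Dict[str, str]) -> Dict:
        # Secret and password travel in the form body, never the query string, so they stay out of logs.
        form = dict(form, client_id=self.client_id, client_secret=self.client_secret)
        headers = {"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"}
        status, raw = self._transport("POST", self.base_url + self.TOKEN_PATH, headers, urlencode(form).encode())
        if status != 200:  # keep the request body out of the error message: it holds secrets
            raise PermissionError(f"token endpoint answered HTTP {status}")
        token = json.loads(raw)
        self._access_token = token["access_token"]
        self._refresh_token = token.get("refresh_token", self._refresh_token)
        # Treat the token as stale 5 s early so a slow request does not arrive with an expired one.
        self._expires_at = self._clock() + int(token["expires_in"]) - 5
        return token

    def login(self, username, password, scope="basic") -> Dict:
        """Resource Owner Password Credentials grant (grant_type=password)."""
        return self._token_request({"grant_type": "password", "scope": scope,
                                    "username": username, "password": password})

    def access_token(self) -> str:
        """Return a usable access token, refreshing it transparently once it has expired."""
        if self._access_token is None:
            raise RuntimeError("call login() first")
        if self._clock() >= self._expires_at:
            if not self._refresh_token:
                raise PermissionError("access token expired and no refresh token was issued")
            self._token_request({"grant_type": "refresh_token", "refresh_token": self._refresh_token})
        return self._access_token

    def get_json(self, path: str) -> Dict:
        """GET an OCC resource, sending the token in the Authorization: Bearer header."""
        headers = {"Accept": "application/json", "Authorization": "Bearer " + self.access_token()}
        status, raw = self._transport("GET", self.base_url + path, headers, None)
        if status != 200:
            raise PermissionError(f"{path} answered HTTP {status}")
        return json.loads(raw)

    def base_site_uids(self) -> List[str]:
        return [s["uid"] for s in self.get_json("/rest/v2/basesites?fields=DEFAULT")["baseSites"]]


class FakeCommerceServer:
    """Constructed stand-in for SAP Commerce so the example runs offline: mimics the article's token
    and /basesites responses, accepts only client acorel_client/1234 and user password 'password',
    rotates refresh tokens, and records every grant type it sees. It reads credentials from the body only."""

    def __init__(self):
        self.grants_seen: List[str] = []
        self._valid_access, self._valid_refresh = set(), set()

    def _issue(self):
        n = len(self.grants_seen)
        self._valid_access.add(f"access-{n}")
        self._valid_refresh.add(f"refresh-{n}")
        return 200, json.dumps({"access_token": f"access-{n}", "token_type": "bearer", "expires_in": 15,
                                "refresh_token": f"refresh-{n}", "scope": "basic"}).encode()

    def __call__(self, method, url, headers, body):
        if method == "POST" and url.split("?")[0].endswith(CommerceOAuthClient.TOKEN_PATH):
            form = {k: v[0] for k, v in parse_qs((body or b"").decode()).items()}
            grant = form.get("grant_type", "")
            self.grants_seen.append(grant)
            if (form.get("client_id"), form.get("client_secret")) != ("acorel_client", "1234"):
                return 401, b'{"error":"invalid_client"}'
            if grant == "password" and form.get("password") == "password":
                return self._issue()
            if grant == "refresh_token" and form.get("refresh_token") in self._valid_refresh:
                self._valid_refresh.discard(form["refresh_token"])  # refresh tokens are single-use
                return self._issue()
            return 400, b'{"error":"invalid_grant"}'
        if method == "GET" and url.endswith("/rest/v2/basesites?fields=DEFAULT"):
            auth = headers.get("Authorization", "")
            if not auth.startswith("Bearer ") or auth[7:] not in self._valid_access:
                return 401, b'{"errors":[{"type":"UnauthorizedError"}]}'
            uids = ["apparel-uk", "apparel-de", "electronics", "electronics-spa"]
            return 200, json.dumps({"baseSites": [{"uid": u} for u in uids]}).encode()
        return 404, b""
```

Against a real server, construct the client without a transport argument, e.g. CommerceOAuthClient("https://localhost:9002", "acorel_client", "1234").login("maikel.bollemeijer", "password") followed by base_site_uids(). The default transport keeps certificate verification on, so a self-signed development certificate has to be added to the Python trust store rather than bypassed the way curl -k does. Errors deliberately report only the HTTP status: the request body holds the client secret and the user's password and must not end up in a stack trace or a log line.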

This is one of the many ways to use OAuth 2.0 in combination with SAP Commerce.

Maikel Bollemeijer
