JDBC Driver for SAP Concur

Build 22.0.8462

Creating a Custom OAuth App

SAP Concur uses the OAuth authentication standard, which requires the authenticating user to interact with SAP Concur via the browser. The driver facilitates the OAuth exchange in various ways as described below.

Register an OAuth Application

You can follow the procedure below to obtain the OAuth client credentials, the OAuthClientId and OAuthClientSecret.

  1. In order to obtain an access token, you need to register an application with SAP Concur. You can do this by contacting your Partner Enablement Manager or Partner Account Manager. Once you have registered an application, you will receive a clientId which will be your OAuthClientId, clientSecret which will be your OAuthClientSecret and geolocation.
  2. Select the APIs that your app will request permission to access. For full driver functionality, you must select : Notifications - View and manage notifications, Supplier Service - Get Supplier Data, Digital Tax Invoice - Get or Validate Digital Tax Invoices, Attendee List - Add, Update, or Inactivate Attendees, Expense Configuration - Update Expense Feature Configuration, E-Receipts Provider - Post receipts and invoices, get matching facts, Expense Report - Add, Approve, or Update Expense Reports, Extract - Request Extract of Available Data, Imaging - Add or Retrieve Report and Line Item Images, Insights - Additional services marketable to users, Itinerary - Add or Update Itineraries or Bookings, List Items - Add, Update, or Delete List Items, Meeting - Attendee Travel Booking, Payment Batch - Close Batches and Request Batch Export Files, Travel Profile - Access and update user travel profile information, Travel Request - Add, Update or Delete Travel Requests, Travel Approval - Approve or Reject Travel Itineraries, Users- Add or Update User Accounts

Authenticate to SAP Concur from a Desktop Application

In order to obtain a token, the client application needs to call the Oauth2 endpoint using various grants depending on the authentication scenarios required. The supported scenarios from our driver are CODE and PASSWORD grant type. The default OAuthGrantType is CODE, which requires you to follow the steps below. After setting the following connection properties, you are ready to connect:

  • OAuthClientId: Set this to your clientId.
  • OAuthClientSecret: Set this to your clientSecret.
  • InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
  • AuthScheme: This is by default OAuth which uses the CODE grant type. If you wish to authenticate with PASSWORD grant type flow see Authentication with Password grant type
  • UseSandbox: Set this to true if you are authenticating using an implementation server.
  • Region: Set this to the region of geolocation received along with the other credentials. Possible values are EU for Europe, CN for China and US. Its default value is US.
When you connect, the driver completes the OAuth process:
  1. Extracts the access token from the CallbackURL.
  2. Obtains a new access token when the old one expires.
  3. Saves OAuth values along with geolocation in OAuthSettingsLocation to be persisted across connections.

Authenticate to SAP Concur from a Web Application

In the Web OAuth flow, set the following connection properties and follow the steps below to call stored procedures to obtain the access token.

  • OAuthClientId: Set this to the Key in your app settings.
  • OAuthClientSecret: Set this to the Secret in your app settings.

When connecting via a Web application, or if the driver is not authorized to open a browser window, you need to exchange a verifier code for the OAuthAccessToken.

  1. Call GetOAuthAuthorizationURL. The stored procedure returns the URL to the OAuth endpoint.
  2. Go to that URL and log in to authorize the application. Afterwards, you are redirected back to the callback URL.

    When you are redirected, the callback URL contains the code query string parameter.

  3. Set the following parameters and call GetOAuthAccessToken:

    NameValue
    AuthModeWEB
    VerifierSet this to the verifier code.

To make requests to SAP Concur, set OAuthAccessToken to the values returned in step 3.

To automatically refresh the token when it expires, set InitiateOAuth to REFRESH.

Copyright (c) 2023 CData Software, Inc. - All rights reserved.
Build 22.0.8462