Creating an OAuth application for accessing SAP Gateway entails creating a service user in the SAP APAB Security and Identity Management Console and registering the new OAuth 2.0 Client ID with the creation wizard.

Create a Service User for the OAuth 2.0 Client

This procedure creates a service user whose Client ID is identical with the username the OAuth client uses to request an access token. This user is normally named LEAVEAPP.

1. Navigate to the SAP ABAP Security and Identity Management console.
2. Start transaction SU01. The console displays the User Maintenance: Initial Screen.
3. Enter the user name for the OAuth client's service user; for example, LEAVEAPP.
4. Click Create or press F8. The console displays the Maintain Users screen.
5. Ensure that the Address tab is selected, and enter a last name for the new user; for example, LEAVEAPP.
6. Still in the Maintain Users window, click the Logon Data tab.
7. At the User Type dropdown, choose System.
8. At the Password section, in the New Password field, choose Generate. The system generates a password for the new user and displays it in the Maintain Users message section.
9. Copy the displayed password and use it in the configuration of your Client Application.
10. Click the Save icon and exit transaction SU01.

Register the New User With the Creation Wizard

This procedure registers the new user you just created, and creates a new leave request application, also named LEAVEAPP.

1. Navigate to the SAP ABAP Security and Identity Management console.
2. Start transaction SU02. The console displays the OAuth 2.0 Administration screen.
3. Choose Create. The console starts the Create OAuth 2.0 Client wizard.
4. At the Client ID field, enter LEAVEAPP.
5. Enter a short description for the new client.
6. If desired, adjust the value in the Token Lifetime field. (The default lifetime of an issued access token is one hour, expressed as 3600s. You may want to shorten this lifetime for security reasons.)
7. Click Next. The console displays the Client Authentication Details screen.
8. Define the resource owner authentication details:
   • To permit Research Owner authentication with authorization code type "grand", select "Grant Type Authorization Code Active".
   • Specify a redirect URL of https://oauth.cdata.com/oauth/.
9. Click Next. The console displays the Scope Assignment screen.
10. At Scope Assignment, add the following two scopes: ZLEAVEREQUEST_0001 and ZLEAVEREQUESTAPPR_0001. (For an overview of available OAuth 2.0 Scope IDs, press F4-Help.)
11. Click Next. The console displays the OAuth 2.0 Client Summary screen.
12. Check the OAuth 2.0 Client Summary to be sure it looks as you expect, then click Finish.