Creating a Custom OAuth App
This driver can consume an OData service deployed in one of your SAP HANA XSA applications.
Configuring the SAP HANA XS Advanced OData Service
The OData service in an XSA application is defined in a server module by creating a filename.xsodata file. The XSOData files contain the specifications of your created OData service.
XS UAA Configuration
In a Multi-Target SAP HANA Extended Services (XS) Advanced application, the XS User Account and Authentication (UAA) service module is used for authenticating and authorizing users for API access. The UAA uses OAuth 2.0 as its Authentication and Authorization flow. Before connecting, some configurations must be made to the XS UAA module.
In either the /path/appname or path/appname/security directory, create a JSON file named xs-security.json. In this file, define the configuration for the UAA module.
To define the module, place the scopes and roles for accessing the OData service in the xs-security.json file.
As an example:
"scopes": [{
    "name": "$XSAPPNAME.odataAccess",
    "description": "Access the OData service."
}]
The role created will reference the scope defined above.
As an example:
"role-templates": [{
    "name": "ODataAccess",
    "description": "Role for accessing the OData service",
    "scope-references": [
        "$XSAPPNAME.odataAccess"
    ]
}]
Further configuration is needed if you plan to use the CODE grant type. In the xs-security.json file, add the following:
"oauth2-configuration": {
    "token-validity": 90000, // time in seconds when an access token expires
    "redirect-uris": ["http://localhost:33333"] // the default callback of CData Drivers
}
Web Module Configuration
While defining the routes for the web module, define an extra route for the XSOData file. For example:
"routes": [{
    "source": "^/euro.xsodata/.*$", // OData service endpoint
    "destination": "js_module_service_url", // server module service url defined in mta.yaml
    "authenticationType": "xsuaa",
    "scope": "$XSAPPNAME.odataAccess" // the scope which grants access to the OData service
}]
Notice that the scope attribute references the scope which grants access to the OData service. After successfully building and running your application, the next step is to grant users access to the OData service.
Role Management
To create a role collection, navigate to XSA-COCKPIT -> Security -> Role Collections -> New Role Collection. Provide the collection with your desired name. Open the role collection you created and click on Add Role. In the xs-security.json file, set the application Identifier under your application and the role template on the ODataAccess role that was specified. To assign the created role to a user, navigate to XSA-COCKPIT -> User Management -> Assign Role Collections -> Add, then search for the role created by name or find it in the list, then click Save.
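A consistency check for the xs-security.json and route settings described in the sections above, as an added example (not CData or SAP code). It verifies that role templates and routes only reference defined scopes, and reviews the redirect URIs and token lifetime. The function name audit, the sample file assembled from the page's fragments, and the 43200-second review threshold are assumptions made for this example.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the page's xs-security.json fragments merged into one
# file, with the comments removed so it parses as strict JSON.
XS_SECURITY = json.loads("""
{
  "scopes": [{"name": "$XSAPPNAME.odataAccess",
              "description": "Access the OData service."}],
  "role-templates": [{"name": "ODataAccess",
                      "description": "Role for accessing the OData service",
                      "scope-references": ["$XSAPPNAME.odataAccess"]}],
  "oauth2-configuration": {"token-validity": 90000,
                           "redirect-uris": ["http://localhost:33333"]}
}
""")

MAX_TOKEN_VALIDITY = 43200  # assumed review threshold (12 h), not an SAP limit
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit(cfg, route_scopes):
    """Return findings for an xs-security.json dict and the scopes that the
    web module's routes reference."""
    findings = []
    defined = {s["name"] for s in cfg.get("scopes", [])}
    # A role template that references an undefined scope grants nothing useful.
    for role in cfg.get("role-templates", []):
        for ref in role.get("scope-references", []):
            if ref not in defined:
                findings.append(f"role {role['name']}: undefined scope {ref}")
    # A route scope that is never defined cannot be granted to any user.
    for scope in route_scopes:
        if scope not in defined:
            findings.append(f"route: undefined scope {scope}")
    oauth = cfg.get("oauth2-configuration", {})
    for uri in oauth.get("redirect-uris", []):
        u = urlparse(uri)
        if "*" in uri:
            findings.append(f"redirect-uri {uri}: wildcard")
        elif u.scheme != "https" and u.hostname not in LOOPBACK:
            findings.append(f"redirect-uri {uri}: cleartext non-loopback")
    if oauth.get("token-validity", 0) > MAX_TOKEN_VALIDITY:
        findings.append(f"token-validity {oauth['token-validity']}s exceeds "
                        f"{MAX_TOKEN_VALIDITY}s")
    return findings

if __name__ == "__main__":
    for finding in audit(XS_SECURITY, ["$XSAPPNAME.odataAccess"]):
        print(finding)
```

On the sample, the loopback callback passes and the only finding is the token lifetime, which is longer than the assumed threshold.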
Obtaining Client Credentials
You can find the client credentials by navigating to XSA-COCKPIT -> Your Organization -> Your Application -> Services -> Service Instances -> XSUAA Service -> Show Sensitive Data. In the JSON file shown, note the client id, the client secret and the url. The url specified here is the host used for authenticating and authorizing users.
Connecting to an SAP HANA XSA Account
Once you have properly set up your application and have access to the OData service, follow the instructions on Custom Credentials to connect to your SAP HANA XSA application. The XS UAA module uses OAuth 2.0 as its authorization method. Only the CODE and PASSWORD grant types are supported.