SES 39: Configuration of OAuth Clients in SAP HANA Cloud

In many businesses, you may not have a plan in developing client applications. So, it’s useful to understand how clients interface with your secured resources using OAuth. Did you know it can be used to see how clients are configured in SAP HCP, too? Let’s dig in, then!

It’s advisable to implement client application as a server-side Java web application hosted on an instance of SAP HCP local runtime. Thus, check out the procedure for process flow of client application:

  • The first thing a client does after the launch of client application in the browser, is to check if it has OAuth access token in hand. And if it doesn’t, then browser will be redirected to authorization endpoint of SAP HCP authorization server with a request for access code.
  • The authentication endpoint will authenticate the user and prompt the user to check the user is given access to the client application.
  • Let’s say the user is given the access. So, the control picks up on the SAP HCP authorization server generating authorization code and invoking OAuth Callback URL in the request.
  • This request will get the authorization code and invoke token endpoints of SAP HCP authorization server. And once the access token is received, the client application will direct users to the start page where they can search on any topic.
  • Thus, whenever a user submits a search query, REST call is formatted and the access code is embedded in the HTTP request headers. In the end, the search results are displayed by the client application.


The OAuth SETTINGS tab page allows you to upload custom logo image to apply customized branding on OAuth pages for authorization.

Once you configure the URL, your client application is ready to fire up! But, you also need to register your client with authorization server to make sure that they incoming requests are authenticated.

%d bloggers like this: