This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Can Apigee handle opening a web browser for user to login automatically?

Posted on 08-25-2024 11:23 PM
Abhinaya_GCP
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Trying to implement OAuth 2.0 Authorization Code Grant type for SAP target endpoint. 

With SAP Auth URL, called in browser, open login page to user, after successful login, Auth code is generated by redirect URI and exchanging this code with token after hitting  SAP Token URL to get access token finally to authorize SAP target endpoint.

Can Apigee handle this flow automatically just by hitting proxy endpoint?

0 2 89
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
joshil
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

You can use the service callout policy to call the SAP Auth URL

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Can Apigee handle this flow automatically just by hitting proxy endpoint?

Apigee cannot eliminate the need for an authorization code, and the need for the user to paste that code into the appropriate place. In fact you don't want that; it would be insecure if Apigee could automate that part.

What problem are you trying to solve?

If you want an Apigee API proxy to be able to invoke the SAP URL, and SAP supports OAuthV2, then.... you want to use some form of client_credentials grant between Apigee and SAP, to allow Apigee to get an OAuth token. The flow you described, authorization_code grant type, is used for USER-to-SYSTEM authentication.  You may want SYSTEM-to-SYSTEM authentication, in which case you want to use client credentials, or JWT Bearer, or similar.

To make this happen you will need to create a new client app in the SAP system; you'll get credentials there. You need to make those credentials available to your Apigee API proxy in some way (KVM or Secret Manager, etC), and then configure your Apigee API Proxy to get the token, stash it, and use it when invoking the SAP URL. 

Good luck. 

0 Likes