How to register and create the configuration for OData API OAuth authentication?
- OData API
OAuth 2.0 lets all users log in regardless of whether they are SSO users. If you are planning to use OAuth 2.0 for authentication, you will first need to register your OAuth client, and set up the permissions required for this registration. Then you can register your OAuth client application.
From the admin menu Manage Permission Roles, select the desired role for which you want to add the permission. As a best practice, create role named "API Administrator". Under the Manage Integration Tools link, select the Manage OAuth2 Client Applications checkbox.
After you have done this, you will see a link, Manage OAuth2 Client Applications under the Company Settings category in the new admin tools, and under Integration Tools in the older administration tools interface.
From the Admin Menu click on Manage Security -> Administrative Privileges. For the user you are logged in as, look under Integration Tools and check the box under Access to OAuth 2 Management.
After you have done this, you will see a link under Integration Tools to where you can register your OAuth client.
Registering the OAuth Client Application
To register an OAuth client, log into your application instance with an administrator account. From the Admin menu, click on Manage OAuth2 Client Applications -> Register New Client Application. After you register an OAuth client, any user of the registered client can connect to SuccessFactors HCM Suite using this method.
Find the fields definitions:
The name of your company. This value is pre-filled based on the instance of the company currently logged in.
A unique name of your OAuth client.
An optional description of your application.
A unique URL of the page that the client wants to display to the end-user. The page might contain more information about the client application. This is needed for 3-legged OAuth, however it is not currently supported.
The certificate corresponding to the private and public key used in the OAuth 2.0 authentication process. In this flow, the SuccessFactors HCM Suite system will need the public key (the certificate) and the client application will have the private key. To register a client application, you will need to install the public key (aka certificate) in SuccessFactors HCM Suite. If you supply that certificate, you must use the RSA-SHA1 signature type for authenticating. As an optional feature, you can generate a public and private key pair with the Generate X.509 CertLʥcate button. If you do this, you must download the private key (or key pair) and install it into your client application.
|Generate X.509 Certificate Button||
A button that generates an X.509 certificate if the customer doesn't have one already. When clicked, a dialog box is displayed, in which the customer can enter the following information then click "Generate" to generate a selfsigned certificate:
* We do not recommend generating the X-509 certificate in API Center and downloading the private key. This method is less secure as downloading the private key will increase the risk of exposing it. This method should only be used if the client is unable to generate an X-509 certificate. The private key must be kept secure under all circumstances. Do not share the private key with others.
If you have generated the X-509 Certificate, you must download the private key to use it in your client application to make token requests. The system saves the public key. You will need to regenerate the private key if you lose it.
You will need to save the private key before you register you client. Only the public key is available for viewing when the client is registered. You will have the API key and private key available to you in the generated certificate.
For more information, please check the OData API Developer Guide
KBAs related to this topic:
How to; enable OAuth; Authentication; OAuth 2.0 configuration; Client Application; OData API; Bearer Token. , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , How To