How to use Auth2 with additional username and pass...

Anand_B · ‎07-18-2023

My query is around SAP CI connecting to 3^rd party system. For most of the cases we are using Oauth2 Credentials (below snip) but wants to how to handle when we have additional username and password, I am getting this for my couple of interactions.

What if we have more headers compare to what we have in Auth2

Now we are passing it as body which may get expose if we use trace.

Kindly suggest the best practice.

Thanks,

Anand

CarlosRoggan · ‎07-18-2023

Hi, may I add a comment which might not be helpful?

I would suggest to not use password_credentials grant type. It is deprecated by oauth for obvious reasons and from my understanding it is supported by Identity Providers or Authorization Servers because ppl like to use if for prototyping or testing (hence only technical test user is required).
The background:
Either you don't need a user, then client-credentials is fine, or you have a user, then "authorization code" grant type should be the suitable way.

Another option could be to encrypt and encode the sensitive data, via script, before placing them in the header.
Does that help a bit?
Here a little guidance in this blog

How to use Auth2 with additional username and password?

QGM - Not imported Transport of copies

MCHB Standard table import zero values in stock co...

Missing files in full-stack app generated by Build...

Re: How to post CSRF Token to SAP Standard ODATA t...

Re: Hana express downloader Options not showing