Setting Up OAuth Client for FlashPipe
This page describes the steps to set up an OAuth client for use with FlashPipe.
Required Roles and Role-Templates
FlashPipe relies heavily on access to Cloud Integration’s public APIs. As such, it requires specific roles/role-templates in order to be able to access those APIs. Following are the tasks and corresponding roles/role-templates that are required.
|Tasks||Role (Neo)||Role-Templates (Cloud Foundry)|
|Create/edit design time artifacts||
|Deploy artifacts to runtime||
|Monitor runtime artifacts||
|Read content protected by Access Policies (Optional)||
OAuth Client setup
(A) Creating an OAuth Client on Cloud Foundry
For Cloud Foundry, the default Process Integration Runtime service instance (with Plan =
api) created using the guided Booster does not have sufficient permissions required for FlashPipe to operate correctly. Therefore it is necessary to create an additional one following the steps listed below.
1. Logon to SAP BTP Cockpit
Access the relevant Cloud Foundry space on SAP BTP Cockpit.
2. Create new service instance
In the space, navigate to the
Services > Instances and create a new instance.
3. Enter instance details
To access Cloud Integration APIs, we will enter the following details for the instance.
Process Integration Runtime
- Instance Name:
4. Enter required roles
Leave the default grant type to
client_credentials. Select the roles shown below using the dropdown menu.
5. Review and create instance
Review the details and click
6. Wait for creation to complete
7. Create service key for instance
Once the instance has been create, click
*** its line and select
Create Service Key.
8. Enter name of service key
flashpipe-key as the name of the key.
9. View credentials of service key
Click on the created service key to view the credentials. Copy the following fields that will be needed for configuration with FlashPipe.
(B) Creating an OAuth Client on Neo
1. Create new OAuth client in SAP BTP Cockpit
Logon to SAP BTP Cockpit and navigate to
Security > OAuth. Under the
Clients tab, click
Register New Client.
Enter the following details.
- Name: Provide a suitable name, e.g. FlashPipe_Client
- Subscription: Choose the subscription for the tenant management node, typically ending with
- Authorization Grant: Select
- Secret: Provide a suitable value
Copy the following fields that will be needed for configuration with FlashPipe.
2. Assign roles to OAuth client
The OAuth client needs to be assigned the required roles. It is recommended to assign the roles using a group instead of direct assignment.
Security > Authorizations. Under the
Groups tab, click
New Group and provide a suitable name, e.g. FlashPipe API Client.
Assign the group to user
<clientid> is the value of the generated Client ID from step 1.
Next, assign the roles based on the roles as listed in the table at the top of this page.
3. Get URL for token endpoint
Navigate back to
Security > OAuth. Under the
Branding tab, the token endpoint is available under the
OAuth URLs section.
Token Endpoint fields that will be needed for configuration with FlashPipe.