OAuth 3LO

In a scenario where the card data requests need to go through OAuth 3LO (Three Legged OAuth) the card developer can use the built-in extension "sap.ui.integration.extensions.OAuth3LO".

Usage

To use the OAuth3LO extension, you need to include it in the manifest file by using the property "extension".
It will intercept the data requests which the card makes and if the user has not given access to the requested data yet, a button opening a consent popup will appear.

"extension": "module:sap/ui/integration/extensions/OAuth3LO"

Expected HTTP Response

In order for the OAuth 3LO process to work, when the user has not given access yet, the card will expect an HTTP response with status code "502" and header "sap-3lo-flow". If you are developing your own host application and need more details on the integration see the Integrate OAuth 3LO topic.

Note: This feature is dependent on the host environment. Check your host application (e.g. SAP Build Work Zone) for more instructions how to configure this feature.

Example

{
	"sap.card": {
		"type": "List",
		"extension": "module:sap/ui/integration/extensions/OAuth3LO",
		"configuration": {
			"destinations": {
				"ProductsMockServerWithOAuth3LO": {
					"name": "ProductsMockServerWithOAuth3LO",
					"label": "Products Mock OAuth3LO",
					"defaultUrl": "/getDataWithOAuth3LO"
				}
			}
		},
		"data": {
			"request": {
				"url": "{{destinations.ProductsMockServerWithOAuth3LO}}/Products",
				"method": "GET",
				"withCredentials": true,
				"parameters": {
					"$format": "json"
				}
			}
		},
		"content": {
			"data": {
				"path": "/value"
			},
			"item": {
				"title": "{ProductName}"
			}
		}
	}
}