0

While trying to consume the odata service from s/4 cloud system using oAuth I get the following error: "DestinationAccessException: Failed to get authentication headers. Destination service returned error: Requested OAuth 2.0 scope exceeds the scope granted by the resource owner or OAuth 2.0 client" The odata service is oAuth enabled"

The oAuth scope of the service is specified in the destination confiured on cf as well. Please let me know if any further details are required.

Treasa
  • 1
  • 1
  • Can you let us know, which version of the SDK you are using? In general this looks like a problem with the configuration of your Cloud Foundry account. Can you please go through [this](https://blogs.sap.com/2017/07/18/step-7-with-sap-s4hana-cloud-sdk-secure-your-application-on-sap-cloud-platform-cloudfoundry/) blog post and especially verify that your xs-security.json matches your SCP configuration. Maybe the "JWT-Printer" in the Troubleshooting section helps. – Christoph Schubert Aug 13 '19 at 11:19
  • approuter is already configured for the the application deployed on cf following the blog mentioned. The same set up was used to invoke the product master API which worked, and now we want to consume API of our odata service after vdm generation. The service is also oauth enabled. – Treasa Aug 13 '19 at 11:57

1 Answers1

1

This error is actually not caused by the SAP Cloud SDK itself, but rather by a wrong/lacking configuration on the SAP S/4HANA side.

The error message Requested OAuth 2.0 scope exceeds the scope granted by the resource owner or OAuth 2.0 client indicates that the business user lacks the authorization object S_SCOPE for the requested OData API.

I recommend to consult the SECTRACE kernel trace to obtain more concrete information.

Emdee
  • 1,689
  • 5
  • 22
  • 35