Logging In and Out Using OAuth Authentication with Service Layer API

Objective

After completing this lesson, you will be able to implement OAuth 2.0 authentication to manage secure sessions and access control using the Service Layer API.

OAuth Authentication

Service Layer also supports OpenID Connect (OIDC), which is an interoperable authentication protocol based on the OAuth 2.0 framework.

OIDC allows clients to confirm an end user’s identity through authentication performed by an authorization server. With OIDC, you can use a single, existing account (from an identity provider such as SAP IAS) to sign in to SAP Business One and further strengthen security with the IDP’s features, such as two-factor authentication (2FA), without ever needing to create another username and password.

There are several advantages to using OAuth Authentication over Basic Authentication:

  • Higher security
  • Token-based
  • Supports session management
  • Granular control over access
  • Better for external integration

Disadvantages include:

  • More complex to implement
  • Requires managing tokens
  • Typically requires more setup

The following graphic and steps demonstrate the OAuth authentication flow in the Service Layer implementation.

[Figure: OAuth 2.0 authorization flow in six steps between a client and the Authentication Service, IDP Service, and Service Layer, exchanging authorization requests, grants, access tokens, and protected resources.]
  1. The user sends an e-mail ID for verification.
  2. If the ID matches, the user is redirected to the respective IDP for authentication.
  3. The user authenticates by providing the user ID and password.
  4. If authentication is successful, an access token is sent back to the Service Layer application.
  5. The user application can use the access token to make requests to Service Layer.
  6. If the access token is valid, Service Layer returns a response for the request.

How to Use OAuth Authentication Using Service Layer API

This video shows how to generate OAuth access tokens with the Postman tool and use them with the Service Layer API.
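The six-step flow above ends with "if the access token is valid", and the Postman walkthrough ends with presenting that token to Service Layer. The following Python example, added here and not part of the SAP lesson or of Service Layer's own code, shows what both halves mean concretely: the client attaches the token as an OAuth 2.0 Bearer header (step 5), and a simulated resource endpoint checks the token's signature, issuer, audience and validity window before answering (step 6). The issuer URL, client ID and shared secret are constructed values; the IDP is stood in for by an HS256 signer so the example runs offline (real IDPs normally sign with RS256 and publish keys via JWKS), and `handle_request` is an assumed stand-in for a Service Layer endpoint, not SAP's implementation.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for this example. In a real deployment the issuer and
# audience come from the IDP registration and the key from the IDP's JWKS.
ISSUER = "https://idp.example.test"        # assumed IDP issuer URL
AUDIENCE = "service-layer-client"          # assumed registered client ID
SIGNING_SECRET = b"example-shared-secret"  # constructed; stands in for the IDP key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject: str, lifetime: int, now: int,
               secret: bytes = SIGNING_SECRET, audience: str = AUDIENCE) -> str:
    """Step 4 stand-in: the IDP issues a signed access token (HS256 JWT).
    HS256 is used only so the example needs no key distribution; production
    IDPs normally use an asymmetric algorithm such as RS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "iat": now, "nbf": now, "exp": now + lifetime}
    signing_input = (_b64url(json.dumps(header).encode()) + "." +
                     _b64url(json.dumps(claims).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenError(Exception):
    pass


def validate_token(token: str, now: int, secret: bytes = SIGNING_SECRET) -> dict:
    """What 'the access token is valid' (step 6) must mean on the resource
    server: signature, issuer, audience and time window are all checked
    before any claim in the token is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must never choose its own (e.g. "none").
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise TokenError("wrong audience")
    if now < claims.get("nbf", 0):
        raise TokenError("token not yet valid")
    if now >= claims.get("exp", 0):
        raise TokenError("token expired")
    return claims


def bearer_header(token: str) -> dict:
    """Step 5: the client presents the token in the standard OAuth 2.0
    Bearer form (RFC 6750), which is what the Postman request carries."""
    return {"Authorization": f"Bearer {token}"}


def handle_request(headers: dict, now: int) -> tuple:
    """Assumed stand-in for a Service Layer endpoint receiving the request.
    Any validation failure is a 401; the reason is not echoed to the caller."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    try:
        claims = validate_token(auth[len("Bearer "):], now)
    except (TokenError, ValueError):
        return 401, {"error": "invalid token"}
    return 200, {"status": "ok", "user": claims["sub"]}


if __name__ == "__main__":
    t0 = 1_700_000_000
    token = mint_token("alice@example.test", 300, t0)
    print(handle_request(bearer_header(token), t0 + 10))   # fresh token: 200
    print(handle_request(bearer_header(token), t0 + 300))  # past exp: 401
```

The time is passed in explicitly rather than read from the clock so the expiry check is deterministic; swapping `now` for `int(time.time())` at the call site gives the live behaviour. The checks in `validate_token` are the minimum a resource server should apply to any bearer token, whichever IDP issued it: a token that merely parses, or that carries the right `sub`, is not yet valid.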

Summary

  • Unlike Basic Authentication, which uses a user ID and password, OAuth Authentication uses access tokens for secure authentication.

  • OAuth Authentication provides higher security, token-based authentication, and better session management compared to Basic Authentication.

  • To use OAuth Authentication, you need to configure an Identity Provider (IDP) and register the client application.

  • The OAuth authentication flow involves user verification, IDP authentication, access token generation, and using the token to access the Service Layer.