Open sebbader-sap opened 1 week ago
sebbader-sap
commented
1 week ago The AAS specification does not define any required authentication pattern, of course. I am not asking for an evaluation of the implemented auth flows. Rather, I want to use the test engine to also for solutions that do not allow any incoming request without any user information.
otto-ifak
commented
1 week ago Hi @sebbader-sap, that is a good idea. Is there any open source implementation we could test this against?
sebbader-sap
commented
1 week ago I am not aware whether any of the currently available open source AAS server implementations have a proper user management. However, I can certainly offer my company's test and demo instances. Just send me an email (s.bader@sap.com) and we can align on the details.
I was not able to find whether the test engine can already send access tokens to the system under test. As enterprise systems usually do not even offer the option to interact without any kind of authentication (also basic authentication or username/password is not sufficient), the test engine cannot be used.
Proposal
Given that I am not missing anything obvious: Add support for OAuth2 flows. Enable the user to configure client id, secret, and auth server.