Symptom
- SAP recently made an important security improvement on OAuth Client Token Lifetime in SAP Analytics Cloud
- OAuth Clients used for service-to-service communications with SAP Analytics Cloud were previously permitted to be created with token lifetimes that never expire, so the improvement is to limit those lifetimes in the following way:
- New OAuth Clients can no longer be created where token and refresh token lifetimes are longer than 180 days
- All previously issued OAuth tokens with lifetimes > 180 days have had their lifetimes reduced to 180 days
- This change will be only applied to SAC tenant hosting on SAP data centers (NEO)
- For SAC tenant hosting on Non-SAP data centers (CF), the Token Lifetime and Refresh Token Lifetime has been pre-configured so cannot be changed/specified
Environment
- SAP Analytics Cloud, Enterprise Edition
- SAP data centers (NEO)
Reproducing the Issue
- Log on to SAC tenant hosting on SAP data centers (NEO)。
- From the side navigation, choose System > Administration.
- Choose the App Integration tab.
- Under Configured Clients, select Add a New OAuth Client.
- In the dialog, enter Name, OAuth Client ID, and select either Interactive Usage or API Access from list of Purpose.
- Select either of following options for Authorization Grant:
- Authorization Code: both Token Lifetime and Refresh Token Lifetime can be specified to max 259200 minutes (180 Days).
- Client Credentials: Token Lifetime can be specified to max 259200 minutes (180 Days).
Resolution
- These changes were applied during the week of August 9 2023, so any previously issued OAuth tokens with lifetimes > 180 days at that time will be due to expire in early January.
- SAP requests that customers review any custom code using OAuth Clients to access SAP Analytics Cloud, and ensure that their code is able to detect and renew expired OAuth tokens.
- Please complete your review and corrections before January 1 2024, in order to avoid service interruptions when accessing SAP Analytics Cloud from your custom code: services, programs, scripts, jobs and so on.
See Also
- 2569847 - Where can you find SAC user assistance (help) to use, configure, and operate it more effectively?
- Have a question? Ask it here and let our amazing SAP community help! Or reply and share your knowledge!
- 2487011 - What information do I need to provide when opening a case for SAP Analytics Cloud?
- 2511489 - Troubleshooting performance issues in SAP Analytics Cloud
- Search for SAP Analytics Cloud content using Google or Bing:
- https://www.google.ca/search?q=site%3Ahttps%3A%2F%2Fapps.support.sap.com+SAP+Analytics+Cloud
- https://www.bing.com/search?q=site%3Ahttps%3A%2F%2Fapps.support.sap.com+SAP+Analytics+Cloud
- Note: Add relevant text or warning/error messages to the text search field to filter results.
- SAP Analytics Cloud Connection Guide
- Getting Started with SAP Analytics Cloud Expert Community page
- SAP Analytics Cloud Get More Help and SAP Support
- Need More Help? Contact Support or visit the solution finder today!
Your feedback is important to help us improve our knowledge base.
Keywords
SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics, OAuth, Client, Token, Lifetime, expire, expired, expiration , KBA , LOD-ANA-AUT , SAC Authentication / Login , Product Enhancement
Product
SAP Analytics Cloud 1.0