From e4990d2d20177879109860f5354a570895f4ca56 Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Thu, 18 Jun 2026 00:08:43 +0530 Subject: [PATCH 1/8] x-sap-oauth-parameter introduction x-sap-oauth-parameter introduction --- sap-schemas/v3.0/README.md | 10 ++++++++++ sap-schemas/v3.0/schema.json | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/sap-schemas/v3.0/README.md b/sap-schemas/v3.0/README.md index bf89fc8..6dee700 100644 --- a/sap-schemas/v3.0/README.md +++ b/sap-schemas/v3.0/README.md @@ -30,6 +30,16 @@ Constraints: - OPTIONAL +### `x-sap-oauth-parameter` + +- Type: `Object` +- Used at: [OpenAPI Object](https://spec.openapis.org/oas/v3.0.3#oauth-flow-object) (root level) +- Description: To describe additional authentication parameters to be passed during oauth authentication flow. + +Constraints: + +- OPTIONAL + ### `x-sap-shortText` - Type: `String` diff --git a/sap-schemas/v3.0/schema.json b/sap-schemas/v3.0/schema.json index 76b86f7..514efb1 100644 --- a/sap-schemas/v3.0/schema.json +++ b/sap-schemas/v3.0/schema.json @@ -45,6 +45,14 @@ "description": "The compliance level that this API resource is expected to be compliant with. This corresponds to the [ORD policy level](https://pages.github.tools.sap/CentralEngineering/open-resource-discovery-specification/#/v1/generated/Document?id=package_policylevel) concept.", "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, + "x-sap-oauth-parameter": { + "type": "object", + "patternProperties": { + "^[a-zA-Z0-9\\.\\-_]+$": { + "$ref": "#/definitions/Parameter" + } + } + }, "x-sap-shortText": { "type": "string", "description": "To display a short description of your APIs" From 16763dd7b9fdb7de7fa625732e098b94edc7a1bb Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Sun, 21 Jun 2026 20:56:10 +0530 Subject: [PATCH 2/8] Update schema.json --- sap-schemas/v3.0/schema.json | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/sap-schemas/v3.0/schema.json b/sap-schemas/v3.0/schema.json index 514efb1..b1a9ae1 100644 --- a/sap-schemas/v3.0/schema.json +++ b/sap-schemas/v3.0/schema.json @@ -45,13 +45,8 @@ "description": "The compliance level that this API resource is expected to be compliant with. This corresponds to the [ORD policy level](https://pages.github.tools.sap/CentralEngineering/open-resource-discovery-specification/#/v1/generated/Document?id=package_policylevel) concept.", "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, - "x-sap-oauth-parameter": { - "type": "object", - "patternProperties": { - "^[a-zA-Z0-9\\.\\-_]+$": { - "$ref": "#/definitions/Parameter" - } - } + "x-sap-oauth-body-parameter": { + "$ref": "#/definitions/RequestBody" }, "x-sap-shortText": { "type": "string", From d18aa7a476b08e856a3a2dc21d61edea7111dca3 Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Tue, 23 Jun 2026 10:58:28 +0530 Subject: [PATCH 3/8] Update README.md --- sap-schemas/v3.0/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sap-schemas/v3.0/README.md b/sap-schemas/v3.0/README.md index 6dee700..e5b0418 100644 --- a/sap-schemas/v3.0/README.md +++ b/sap-schemas/v3.0/README.md @@ -30,7 +30,7 @@ Constraints: - OPTIONAL -### `x-sap-oauth-parameter` +### `x-sap-oauth-body-parameter` - Type: `Object` - Used at: [OpenAPI Object](https://spec.openapis.org/oas/v3.0.3#oauth-flow-object) (root level) From 4d0761c36fb42e20fe56bf9098ddce2d039e624b Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Tue, 23 Jun 2026 23:27:31 +0530 Subject: [PATCH 4/8] x-sap-oauth-body-parameter addition --- sap-extensions/extensions.json | 4 ++++ sap-schemas/v2.0/README.md | 7 +++++++ sap-schemas/v2.0/schema.json | 4 ++++ sap-schemas/v3.0/schema.json | 3 ++- 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/sap-extensions/extensions.json b/sap-extensions/extensions.json index de50544..6de517b 100644 --- a/sap-extensions/extensions.json +++ b/sap-extensions/extensions.json @@ -68,6 +68,10 @@ "sap:core:v2" ] }, + "x-sap-oauth-body-parameter": { + "$ref": "#/definitions/RequestBody", + "description": "To describe additional authentication parameters to be passed during oauth authentication flow." + }, "x-sap-shortText": { "type": "string", "description": "To display a short description of your APIs" diff --git a/sap-schemas/v2.0/README.md b/sap-schemas/v2.0/README.md index 9c66729..9692e92 100644 --- a/sap-schemas/v2.0/README.md +++ b/sap-schemas/v2.0/README.md @@ -30,6 +30,13 @@ Constraints: - OPTIONAL +### `x-sap-oauth-body-parameter` + +- Type: `Object` +- Used at: [OpenAPI Object](https://spec.openapis.org/oas/v3.0.3#oauth-flow-object) (root level) +- Description: To describe additional authentication parameters to be passed during oauth authentication flow. + + ### `x-sap-shortText` - Type: `String` diff --git a/sap-schemas/v2.0/schema.json b/sap-schemas/v2.0/schema.json index ff0ffa3..6fd13e1 100644 --- a/sap-schemas/v2.0/schema.json +++ b/sap-schemas/v2.0/schema.json @@ -81,6 +81,10 @@ "description": "The compliance level that this API resource is expected to be compliant with. This corresponds to the [ORD policy level](https://pages.github.tools.sap/CentralEngineering/open-resource-discovery-specification/#/v1/generated/Document?id=package_policylevel) concept.", "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, + "x-sap-oauth-body-parameter": { + "$ref": "#/definitions/RequestBody", + "description": "To describe additional authentication parameters to be passed during oauth authentication flow." + }, "x-sap-shortText": { "type": "string", "description": "To display a short description of your APIs" diff --git a/sap-schemas/v3.0/schema.json b/sap-schemas/v3.0/schema.json index b1a9ae1..3fea534 100644 --- a/sap-schemas/v3.0/schema.json +++ b/sap-schemas/v3.0/schema.json @@ -46,7 +46,8 @@ "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, "x-sap-oauth-body-parameter": { - "$ref": "#/definitions/RequestBody" + "$ref": "#/definitions/RequestBody", + "description": "To describe additional authentication parameters to be passed during oauth authentication flow." }, "x-sap-shortText": { "type": "string", From d684ae874c033f15a96f8d60ccfaea5712f2696d Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Thu, 25 Jun 2026 07:54:26 +0530 Subject: [PATCH 5/8] adding example adding example --- sap-schemas/v3.0/README.md | 45 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/sap-schemas/v3.0/README.md b/sap-schemas/v3.0/README.md index e5b0418..0ab915c 100644 --- a/sap-schemas/v3.0/README.md +++ b/sap-schemas/v3.0/README.md @@ -35,6 +35,51 @@ Constraints: - Type: `Object` - Used at: [OpenAPI Object](https://spec.openapis.org/oas/v3.0.3#oauth-flow-object) (root level) - Description: To describe additional authentication parameters to be passed during oauth authentication flow. +- Example: +```json + { + "components": { + "securitySchemes": { + "oauth2": { + "type": "oauth2", + "flows": { + "clientCredentials": { + "tokenUrl": "https://your-auth-server/oauth/token", + "scopes": { + "api:read": "Read access", + "api:write": "Write access" + }, + "x-sap-oauth-body-parameter": { + "description": "The additional parameter to be passed during oauth authentication", + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "resource": { + "type": "string", + "description": "dentifies the target API for which the token is being requested. Ensures the token is audience-bound to this specific API. Value format: urn:sap:identity:application:provider:name:public_api:{clientId}", + "pattern": "urn:sap:identity:application:provider:name:public_api:{clientId}" + }, + "tenantId" : { + "type": "string", + "description": "Tenant identifier. Required for multi-tenant deployments.", + "pattern": "^[a-zA-Z0-9_-]+$", + "example": "my-tenant-id" + } + } + } + } + } + } + } + } + } + } + } +} + +``` Constraints: From c657cc487ded3b57af54031dbc7deb45646658a8 Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Thu, 25 Jun 2026 07:57:10 +0530 Subject: [PATCH 6/8] Update README.md --- sap-schemas/v2.0/README.md | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/sap-schemas/v2.0/README.md b/sap-schemas/v2.0/README.md index 9692e92..81d2807 100644 --- a/sap-schemas/v2.0/README.md +++ b/sap-schemas/v2.0/README.md @@ -35,7 +35,51 @@ Constraints: - Type: `Object` - Used at: [OpenAPI Object](https://spec.openapis.org/oas/v3.0.3#oauth-flow-object) (root level) - Description: To describe additional authentication parameters to be passed during oauth authentication flow. +- Example: +```json + { + "components": { + "securitySchemes": { + "oauth2": { + "type": "oauth2", + "flows": { + "clientCredentials": { + "tokenUrl": "https://your-auth-server/oauth/token", + "scopes": { + "api:read": "Read access", + "api:write": "Write access" + }, + "x-sap-oauth-body-parameter": { + "description": "The additional parameter to be passed during oauth authentication", + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "resource": { + "type": "string", + "description": "dentifies the target API for which the token is being requested. Ensures the token is audience-bound to this specific API. Value format: urn:sap:identity:application:provider:name:public_api:{clientId}", + "pattern": "urn:sap:identity:application:provider:name:public_api:{clientId}" + }, + "tenantId" : { + "type": "string", + "description": "Tenant identifier. Required for multi-tenant deployments.", + "pattern": "^[a-zA-Z0-9_-]+$", + "example": "my-tenant-id" + } + } + } + } + } + } + } + } + } + } + } +} +``` ### `x-sap-shortText` From 38d7a9c97df625fd075d7af5f8099bd7765891c3 Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Fri, 26 Jun 2026 00:05:01 +0530 Subject: [PATCH 7/8] referring Schema instead of RequestBody --- sap-extensions/extensions.json | 2 +- sap-schemas/v2.0/README.md | 36 +++++++++++++++------------------- sap-schemas/v2.0/schema.json | 2 +- sap-schemas/v3.0/README.md | 36 +++++++++++++++------------------- sap-schemas/v3.0/schema.json | 2 +- 5 files changed, 35 insertions(+), 43 deletions(-) diff --git a/sap-extensions/extensions.json b/sap-extensions/extensions.json index 6de517b..6b8f2c1 100644 --- a/sap-extensions/extensions.json +++ b/sap-extensions/extensions.json @@ -69,7 +69,7 @@ ] }, "x-sap-oauth-body-parameter": { - "$ref": "#/definitions/RequestBody", + "$ref": "#/definitions/Schema", "description": "To describe additional authentication parameters to be passed during oauth authentication flow." }, "x-sap-shortText": { diff --git a/sap-schemas/v2.0/README.md b/sap-schemas/v2.0/README.md index 81d2807..872904e 100644 --- a/sap-schemas/v2.0/README.md +++ b/sap-schemas/v2.0/README.md @@ -35,9 +35,10 @@ Constraints: - Type: `Object` - Used at: [OpenAPI Object](https://spec.openapis.org/oas/v3.0.3#oauth-flow-object) (root level) - Description: To describe additional authentication parameters to be passed during oauth authentication flow. -- Example: +- Example: + ```json - { +{ "components": { "securitySchemes": { "oauth2": { @@ -51,23 +52,19 @@ Constraints: }, "x-sap-oauth-body-parameter": { "description": "The additional parameter to be passed during oauth authentication", - "content": { - "application/x-www-form-urlencoded": { - "schema": { - "type": "object", - "properties": { - "resource": { - "type": "string", - "description": "dentifies the target API for which the token is being requested. Ensures the token is audience-bound to this specific API. Value format: urn:sap:identity:application:provider:name:public_api:{clientId}", - "pattern": "urn:sap:identity:application:provider:name:public_api:{clientId}" - }, - "tenantId" : { - "type": "string", - "description": "Tenant identifier. Required for multi-tenant deployments.", - "pattern": "^[a-zA-Z0-9_-]+$", - "example": "my-tenant-id" - } - } + "schema": { + "type": "object", + "properties": { + "resource": { + "type": "string", + "description": "dentifies the target API for which the token is being requested. Ensures the token is audience-bound to this specific API. Value format: urn:sap:identity:application:provider:name:public_api:{clientId}", + "pattern": "urn:sap:identity:application:provider:name:public_api:{clientId}" + }, + "tenantId": { + "type": "string", + "description": "Tenant identifier. Required for multi-tenant deployments.", + "pattern": "^[a-zA-Z0-9_-]+$", + "example": "my-tenant-id" } } } @@ -78,7 +75,6 @@ Constraints: } } } - ``` ### `x-sap-shortText` diff --git a/sap-schemas/v2.0/schema.json b/sap-schemas/v2.0/schema.json index 6fd13e1..45728d2 100644 --- a/sap-schemas/v2.0/schema.json +++ b/sap-schemas/v2.0/schema.json @@ -82,7 +82,7 @@ "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, "x-sap-oauth-body-parameter": { - "$ref": "#/definitions/RequestBody", + "$ref": "#/definitions/Schema", "description": "To describe additional authentication parameters to be passed during oauth authentication flow." }, "x-sap-shortText": { diff --git a/sap-schemas/v3.0/README.md b/sap-schemas/v3.0/README.md index 0ab915c..556ced5 100644 --- a/sap-schemas/v3.0/README.md +++ b/sap-schemas/v3.0/README.md @@ -35,9 +35,10 @@ Constraints: - Type: `Object` - Used at: [OpenAPI Object](https://spec.openapis.org/oas/v3.0.3#oauth-flow-object) (root level) - Description: To describe additional authentication parameters to be passed during oauth authentication flow. -- Example: +- Example: + ```json - { +{ "components": { "securitySchemes": { "oauth2": { @@ -51,23 +52,19 @@ Constraints: }, "x-sap-oauth-body-parameter": { "description": "The additional parameter to be passed during oauth authentication", - "content": { - "application/x-www-form-urlencoded": { - "schema": { - "type": "object", - "properties": { - "resource": { - "type": "string", - "description": "dentifies the target API for which the token is being requested. Ensures the token is audience-bound to this specific API. Value format: urn:sap:identity:application:provider:name:public_api:{clientId}", - "pattern": "urn:sap:identity:application:provider:name:public_api:{clientId}" - }, - "tenantId" : { - "type": "string", - "description": "Tenant identifier. Required for multi-tenant deployments.", - "pattern": "^[a-zA-Z0-9_-]+$", - "example": "my-tenant-id" - } - } + "schema": { + "type": "object", + "properties": { + "resource": { + "type": "string", + "description": "dentifies the target API for which the token is being requested. Ensures the token is audience-bound to this specific API. Value format: urn:sap:identity:application:provider:name:public_api:{clientId}", + "pattern": "urn:sap:identity:application:provider:name:public_api:{clientId}" + }, + "tenantId": { + "type": "string", + "description": "Tenant identifier. Required for multi-tenant deployments.", + "pattern": "^[a-zA-Z0-9_-]+$", + "example": "my-tenant-id" } } } @@ -78,7 +75,6 @@ Constraints: } } } - ``` Constraints: diff --git a/sap-schemas/v3.0/schema.json b/sap-schemas/v3.0/schema.json index 3fea534..04aae14 100644 --- a/sap-schemas/v3.0/schema.json +++ b/sap-schemas/v3.0/schema.json @@ -46,7 +46,7 @@ "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, "x-sap-oauth-body-parameter": { - "$ref": "#/definitions/RequestBody", + "$ref": "#/definitions/Schema", "description": "To describe additional authentication parameters to be passed during oauth authentication flow." }, "x-sap-shortText": { From 731ccc94f6ccd00bd9ece15eacd6b174750958d0 Mon Sep 17 00:00:00 2001 From: Manoj Kumar Pandey Date: Fri, 26 Jun 2026 12:40:35 +0530 Subject: [PATCH 8/8] corrected for specification 2.0 and 3.0 --- sap-extensions/extensions.json | 4 ---- sap-extensions/v2.0-extensions.json | 4 ++++ sap-extensions/v3.0-extensions.json | 4 ++++ sap-schemas/v2.0/schema.json | 8 ++++---- sap-schemas/v3.0/schema.json | 8 ++++---- 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/sap-extensions/extensions.json b/sap-extensions/extensions.json index 6b8f2c1..de50544 100644 --- a/sap-extensions/extensions.json +++ b/sap-extensions/extensions.json @@ -68,10 +68,6 @@ "sap:core:v2" ] }, - "x-sap-oauth-body-parameter": { - "$ref": "#/definitions/Schema", - "description": "To describe additional authentication parameters to be passed during oauth authentication flow." - }, "x-sap-shortText": { "type": "string", "description": "To display a short description of your APIs" diff --git a/sap-extensions/v2.0-extensions.json b/sap-extensions/v2.0-extensions.json index d0b5cd9..801b9c6 100644 --- a/sap-extensions/v2.0-extensions.json +++ b/sap-extensions/v2.0-extensions.json @@ -6,6 +6,10 @@ { "paths": ["definitions.schema.properties"], "properties": { + "x-sap-oauth-body-parameter": { + "$ref": "#/definitions/schema", + "description": "To describe additional authentication parameters to be passed during oauth authentication flow." + }, "x-sap-odm-semantic-key": { "type": "array", "description": "Semantic key is a human-readable identifier used exclusively for the purpose of identifying business objects by the end-user.", diff --git a/sap-extensions/v3.0-extensions.json b/sap-extensions/v3.0-extensions.json index bf0b686..6eb0302 100644 --- a/sap-extensions/v3.0-extensions.json +++ b/sap-extensions/v3.0-extensions.json @@ -6,6 +6,10 @@ { "paths": ["definitions.Schema.properties"], "properties": { + "x-sap-oauth-body-parameter": { + "$ref": "#/definitions/Schema", + "description": "To describe additional authentication parameters to be passed during oauth authentication flow." + }, "x-sap-odm-semantic-key": { "type": "array", "description": "Semantic key is a human-readable identifier used exclusively for the purpose of identifying business objects by the end-user.", diff --git a/sap-schemas/v2.0/schema.json b/sap-schemas/v2.0/schema.json index 45728d2..dda86f9 100644 --- a/sap-schemas/v2.0/schema.json +++ b/sap-schemas/v2.0/schema.json @@ -81,10 +81,6 @@ "description": "The compliance level that this API resource is expected to be compliant with. This corresponds to the [ORD policy level](https://pages.github.tools.sap/CentralEngineering/open-resource-discovery-specification/#/v1/generated/Document?id=package_policylevel) concept.", "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, - "x-sap-oauth-body-parameter": { - "$ref": "#/definitions/Schema", - "description": "To describe additional authentication parameters to be passed during oauth authentication flow." - }, "x-sap-shortText": { "type": "string", "description": "To display a short description of your APIs" @@ -1342,6 +1338,10 @@ "default": true, "description": "Property contains potentially sensitive personal data. Sensitive personal data is a category of personal data that needs special handling. The determination which personal data is sensitive may differ for different legal areas or industries. Examples of sensitive personal data: 1. Special categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or sex life or sexual orientation. 2. Personal data subject to professional secrecy. 3. Personal data relating to criminal or administrative offenses. 4. Personal data concerning insurances and bank or credit card accounts." }, + "x-sap-oauth-body-parameter": { + "$ref": "#/definitions/schema", + "description": "To describe additional authentication parameters to be passed during oauth authentication flow." + }, "x-sap-odm-semantic-key": { "type": "array", "description": "Semantic key is a human-readable identifier used exclusively for the purpose of identifying business objects by the end-user.", diff --git a/sap-schemas/v3.0/schema.json b/sap-schemas/v3.0/schema.json index 04aae14..253d5d0 100644 --- a/sap-schemas/v3.0/schema.json +++ b/sap-schemas/v3.0/schema.json @@ -45,10 +45,6 @@ "description": "The compliance level that this API resource is expected to be compliant with. This corresponds to the [ORD policy level](https://pages.github.tools.sap/CentralEngineering/open-resource-discovery-specification/#/v1/generated/Document?id=package_policylevel) concept.", "enum": ["sap:base:v1", "sap:core:v1", "sap:core:v2"] }, - "x-sap-oauth-body-parameter": { - "$ref": "#/definitions/Schema", - "description": "To describe additional authentication parameters to be passed during oauth authentication flow." - }, "x-sap-shortText": { "type": "string", "description": "To display a short description of your APIs" @@ -735,6 +731,10 @@ "default": true, "description": "Property contains potentially sensitive personal data. Sensitive personal data is a category of personal data that needs special handling. The determination which personal data is sensitive may differ for different legal areas or industries. Examples of sensitive personal data: 1. Special categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or sex life or sexual orientation. 2. Personal data subject to professional secrecy. 3. Personal data relating to criminal or administrative offenses. 4. Personal data concerning insurances and bank or credit card accounts." }, + "x-sap-oauth-body-parameter": { + "$ref": "#/definitions/Schema", + "description": "To describe additional authentication parameters to be passed during oauth authentication flow." + }, "x-sap-odm-semantic-key": { "type": "array", "description": "Semantic key is a human-readable identifier used exclusively for the purpose of identifying business objects by the end-user.",