First, the documentation is still showing the old GUI. For example, I cannot find the "invite only" selection in the new GUI. Is "no market" the same as "invite only"?
The documentation says regarding redirect_uri:
"The value of this parameter must exactly match the value added on application registration. This includes the https scheme, the same case."
But RFC 8252 says
The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request.
How do you do authorization on e.g. a Windows computer if you can't redirect to a dynamic local port?
Hi,
When it comes to the App store, native apps use the interactive authentication and do not need to be published as "invite only", as the API scopes are based on the roles the user that authenticates has on its account.
You can still choose to add marketplaces if you want your application to be visible on the Visma App store.
Regarding the redirect_uri, Visma Connect does not support dynamic/ephemeral ports for the redirect_uris.
One option is to register multiple redirect_uris with different ports and choose the one that is available at runtime; another, perhaps better, option would be using a custom URI scheme and configuring Windows to open the app when it is invoked, similar to how Slack works with their desktop app.
Please let us know if you have any other questions and we'll raise it internally.
Thank you.
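The first option from the reply above (several registered loopback ports, pick a free one at runtime), sketched as an added example that is not part of the original thread or Visma's own code. The URIs, ports and the function name are constructed placeholders; the socket is bound to 127.0.0.1 only and kept open so no other local process can take the port before the redirect arrives.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample values standing in for the redirect URIs registered for
# the application; the ports are arbitrary examples.
REGISTERED_REDIRECT_URIS = [
    "http://127.0.0.1:49215/callback",
    "http://127.0.0.1:49216/callback",
    "http://127.0.0.1:49217/callback",
]


def open_loopback_listener(registered_uris):
    """Return (redirect_uri, listening_socket) for the first free registered port.

    The socket comes back already bound and listening, which closes the gap
    between "is the port free?" and "start the callback server".
    """
    for uri in registered_uris:
        parts = urlsplit(uri)
        # Accept only the loopback literal; never bind to all interfaces.
        if parts.scheme != "http" or parts.hostname != "127.0.0.1" or parts.port is None:
            continue
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # On Windows, request exclusive use so another process cannot share the port.
        if hasattr(socket, "SO_EXCLUSIVEADDRUSE"):
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
        try:
            # SO_REUSEADDR is deliberately not set: a port in use must fail here.
            sock.bind(("127.0.0.1", parts.port))
            sock.listen(1)
        except OSError:
            sock.close()  # port is taken: try the next registered URI
            continue
        # Return the registered string unchanged, since the server compares it exactly.
        return uri, sock
    raise RuntimeError("no registered loopback redirect port is free")
```

Pass the returned string unchanged as redirect_uri in both the authorization request and the token request, and close the socket once the callback has been handled.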
Thank you for your reply.
Seems very complicated to create a custom URI-scheme and have that pass the information to the running app. I will probably add many ports and hope at least one of them is available.
One other question. What do I use as scope when not using openid?
Hi,
According to the documentation, openID is required as scope. Using email and/or profile as well gives you the possibility to also get information about the user via the UserInfo endpoint.
Example:
curl --request GET --url https://connect.visma.com/connect/userinfo --header 'authorization: Bearer [YOUR_ACCESS_TOKEN]'
Response:
{
  "sub": "1072cd43-d99a-4d44-84a2-5f80720c1a19",
  "name": "John Doe",
  "given_name": "John",
  "family_name": "Doe",
  "email": "john.doe@visma.com",
  "email_verified": true,
  "idp": "Visma Connect",
  "auth_time": "1472622102",
  "sid": "11474d36-22a3-40d8-925d-21af17826e38"
}
@Magnus Johnsen wrote: According to the documentation, openID is required as scope.
Depends on where you look
> "When OpenID Connect is enabled, your application can be configured with additional Identity Scopes that grants access to additional details regarding authenticated users. "
It also seems strange to force the user to accept access to personal information when the application doesn't need it.
I'm more interested to know which company name the user gave access to. Is that available somewhere?
@adrianm wrote: I'm more interested to know which company name the user gave access to. Is that available somewhere?
Hi Adrian, the generated token can be used on the JWT & UserInfo Endpoint, but I'm afraid those only contain tenant_ID instead of the company name. I'll check this out and let you know if there is any option.
Thanks, I saw in another post that I can use the Organization endpoint to find the company name and it seems to work.
Also tested the JWT, but it did not include the tenantid.
Thanks for sharing, Adrian! To my knowledge, to be able to get tenant_ID via JWT and UserInfo you need to adjust the following settings.
1) Developer Portal
2) Adding the OpenID Identity scope "tenants" to your token request
e.g.
openid email profile tenants vismanet_erp_interactive_api:create vismanet_erp_interactive_api:read vismanet_erp_interactive_api:update vismanet_erp_interactive_api:delete
Hi,
The "Invite only", it can be found here:
Regarding the redirect_URI, we'll check this internally and get back to you.
Copyright © 2022 Visma.com. All rights reserved.