to get a personalized navigation.
to get a personalized navigation.
How does scope work with native app authentication.
This one works
&scope=openid%20email%20offline_access
but this one
&scope=openid%20email%20offline_access%20vismanet_erp_service_api%3Aread
gives "Error page: invalid_scope Invalid scope"
Will the scope automatically inherit the user's access rights?
When I try to use the token I get error "Invalid audience"
{"ExceptionType":"IPPException","ExceptionMessage":"Invalid audience","ExceptionFaultCode":"12010","ExceptionMessageID":"12010_7eda3119-34de-4029-bc6a-8994d406dd19","ExceptionDetails":""}
In the JWT Token I see my ClientId as "aud"
Solved! Go to Solution.
Hi Adrian!
vismanet_erp_service_api is an API used for machine-to-machine integrations (client_credentials). Its scopes cannot be used with user authorization. I'm assuming your native application is interactive which means you have to use the Visma.net ERP interactive scopes (For instance: vismanet_erp_interactive_api:read). The scopes from the interactive API will ask the user for approval during the authentication process. So if you have read scopes it will prompt the user to approve (given that the user has API user role in Visma admin as explained here).
I hope that explains your question.
/ Suzdar
Ah, that makes sense. Thank you.
I tried "vismanet_erp_interactive_api:read" which worked but fetching the token failed with "invalid_tenant"
POST: https://connect.visma.com/connect/token
Headers: {
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Content-Length: 236
}
code=<code>&redirect_uri=http%3A%2F%2Flocalhost%3A49817%2F&client_id=<clientId>&code_verifier=CBoX5tXzqbeLItJ8KS92m9GcxiFzwBXmEkQY9u_Q8fw&grant_type=authorization_code
Response: 400 Bad Request
Headers: {
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0
Date: Mon, 22 Jan 2024 10:46:42 GMT
Server: nginx
Content-Type: application/json; charset=UTF-8
}
{"error":"invalid_tenant"}
Do you have a way of retrieving the tenant_id? When authenticating you should come to a page like this:
I get a dialog like this
Tried several different organisations with same result. One of them was "d0510770-7d18-11ed-9891-0693d8a7c3dd" which I can access in the appstore. One thing to note is that I don't always get the approve prompt after I select company.
Do you receive an error code (guid)? If you receive one you can check in Developer Portal for a more detailed error message. I've tried this in Postman now and should be working fine, does your user have "API User" role in Visma admin in each respective company?
Great!
Thanks for the feedback. Will let the team know 😀.
There is no error message. The browser is redirected with a code
http://localhost:49817/?code=<code>&scope=email openid&state=xd4Eqv9V8vF6oEe-Un5p3yeaY4UDhRIYM0nizrrJyls&session_state=85Pp6M-t1M_5NShtMj8YCq8xheMP0cbkU-p3tFhPpHs.3B69200BADC85FE3E6C48367D8838FB7&iss=https%3A%2F%2Fconnect.visma.com
It is when I use the code to retrieve the token I get the error message I showed earlier.
Copyright © 2022 Visma.com. All rights reserved.