My Areas

Sign in to follow product and topic areas and get a shortcut in this menu
Visma eAccounting API
cancel
Showing results for 
Search instead for 
Did you mean: 
CONTRIBUTOR *

Support for more Oauth2 flows

Hi,

 

do you plan to support other flows in addition to Authorization code flow?

 

I am trying to authorize from desktop application written in 4D using built-in HTTP client commands (more or less like using cURL). I get the login page and when I try to post the form I am getting error. I tried sending cookies back, I figured out that there is hidden field in form that I fill form modelJson present in the page. All I get is error: "Ett oväntat fel inträffade".

 

Before I continue trying, is that possible at all?

 

Milan

 

P.S. I don't know if you aware, but by using only this flow it will be impossible to use your API from iOS applications.

3 REPLIES 3

Re: Support for more Oauth2 flows

Hi Milan,

 

relevant question!

We do not have any plans on supporting other flows than authorization code flow.

 

Your thoughts on why you think it will not be possible to create iOS apps would be much appreciated =)

 

Highlighted
CONTRIBUTOR *

Re: Support for more Oauth2 flows

Hi Anour,

 

if if that is the case, could you be so kind to give me an example, let’s say using cURL, how can I authorize and later get tokens to use API from desktop application without user clicking on Login button in the form? 

 

How I understood my friend who is iOS developer if you want to do the same what I want to do (authorize without user clicking on login button but using code only pretending that it is web browser on it’s side), to implement Authorization code flow it would be necessary to launch another Safari process which is forbidden on iOS.

 

Milan

 

Re: Support for more Oauth2 flows

Hi,

If you are considering to make a client with no user-click, that would not be possible in eAccounting API.

 

The reason is that we have decided that for our API we will only support authorization code flow.

I can imagine, as a few other of our customers, you would like to use something like "password flow" or "implicit flow" where you can request a token without any user-clicking, but we do not support this.