Not sure where we're going wrong here. First off the app: oidc-redirect works as expected, scopes included is 'profile email openid roles tenants'. Retrieving a token returns the data: {
"id_token": "<token value>",
"access_token": "<token value>",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "profile email openid roles tenants"
} Looks fine. But then retrieving https://connect.visma.com/connect/userinfo returns: {
"sub": "<guid>",
"email": "<my e-mail>",
"email_verified": true,
"locale": "nb-NO",
"name": "<my name>",
"given_name": "<my name>",
"family_name": "<my name>",
"created_at": 1623067455,
"updated_at": 1725350746,
"picture": "<url>",
"roles": [],
"tenants": []
} Feels like i've tried every combination of scope and settings in dev-portal, but nothing. I read in another thread: API access
If your app only uses openid, email and profile the access token cannot be used for calling ERP API. When using the tenants scope together with the scopes of the API your app can obtain tenant information from the /connect/userinfo endpoint. The response will contain an array of tenants where the user has access to. So I tried adding scopes like vismanet_erp_interactive_api:read, but the only difference seems to be that we get tenant selected: {
"sub": "<guid>",
"email": "<my e-mail>",
"email_verified": true,
"locale": "nb-NO",
"name": "<my name>",
"given_name": "<my name>",
"family_name": "<my name>",
"created_at": 1623067455,
"updated_at": 1725350746,
"picture": "<url>",
"roles": [],
"built_in_roles": [],
"tenant_id": "<selected tenant>",
"tenant_external_id": "<vni id>",
"tenant_owner_client_id": "odp",
"tenants": [],
"features": []
} There's not many posts talking about this so obviously I'm doing something wrong. But what? Any ideas?
... View more