jonkristian
jonkristian•7mo ago

New API | Oauth and extra params

Hello. I am testing windmill for syncing changes between a WooCommerce shop and an ERP. I can't find this ERP in the list of resource types, so to handle oauth, request/refresh token, etc.. do I just submit a PR with endpoins and scopes added to oauth_connect.json ? Also the ERP is using grant_type: client_credentials with an extra mandatory field tenant_id. Not sure how to go about setting this up, hoping for some guidance.
24 Replies
Hugo C.
Hugo C.•7mo ago
Our oauth connector assumes the authorization code flow, your ERP doesn't support it?
jonkristian
jonkristian•7mo ago
Actually, it seems like it does. I was following a different setup tutorial a couple of weeks ago and it was not mentioned, however: https://community.visma.com/t5/Knowledge-base-in-Developers/Generating-token-with-oAuth2-for-Visma-Net-API-in-Postman/ta-p/270923
Visma Community
Generating token with oAuth2 for Visma.Net API in Postman
Manage environments Creating a new environment You can create a new environment from the: Manage Environments icon New button Launch screen Manage environments icon Click "Manage Environments" icon in the upper right corner of the Postman app. Select “Manage Environments”. Click the Add button. N...
Hugo C.
Hugo C.•7mo ago
then you can just create a PR with the desired values added to oauth_connect.json there is an extra_params attribute for any additional parameters
jonkristian
jonkristian•7mo ago
Ah, thanks, is there a way for me to test beforehand? I am using cloud but I do have Docker setup locally as well
Hugo C.
Hugo C.•7mo ago
you need to setup the dev environment i'm afraid we have an option to set it up in the UI when self hosted but it's part of our EE license depending on how easy opening an account on visma is, i can also look at it myself when i have time
Hugo C.
Hugo C.•7mo ago
can you try to make it work on postman and then send me the steps to follow?
jonkristian
jonkristian•7mo ago
Yes I can try that Just for reference, I have a working postman setup with client_credentials. I can send a post with my client_id, client_secret, scope and tenant_id (This is whichever company I want to access, that has already accepted scopes for my app) and it will return a bearer token for me to use on that tenant, but it is short lived. I am trying to follow the guide for authorization endpoint in postman now, and will let you know if I have any luck.
jonkristian
jonkristian•7mo ago
Ok, it is not straight forward getting started with visma for you unfortunately. But I managed to get something working after reading up a bit, they have a lot of old and outdated content :/ Basically I did something similar to this example by visma: https://github.com/Visma-Software-AS-Product/PYTHON_Vnet_Connect_auth_interactive/blob/master/app.py
GitHub
PYTHON_Vnet_Connect_auth_interactive/app.py at master · Visma-Softw...
Demo application for Visma Connect Authentication to Visma.net ERP API - Interactive applications - Visma-Software-AS-Product/PYTHON_Vnet_Connect_auth_interactive
jonkristian
jonkristian•7mo ago
I had no idea what to put in callback url, but adding the postman callback seemed to work. Hope this is enough info 🙂
No description
No description
No description
Hugo C.
Hugo C.•7mo ago
looks good i'll create a pr i think you need to enable offline access and add the offline_access scope if you want to get a refresh token for longer sessions
jonkristian
jonkristian•7mo ago
Thanks for the tip 🙂 And thank you so much for all the help!
Hugo C.
Hugo C.•7mo ago
no problem 🙂 it's available on latest, can you try it locally (e.g. with docker compose) and confirm that it's working? You will need to set the redirect uri to https://<YOUR_INSTANCE>/oauth/callback/visma (probably http://localhost/oauth/callback/visma) you also need the visma resource type (i've created it on the hub so you should be able to get it by syncing with it) on windmill, the settings for oauth are inside "instance settings" -> "SSO/Oauth" -> "Oauth"
jonkristian
jonkristian•7mo ago
Nice! I will test and let you know 🙂
Hugo C.
Hugo C.•7mo ago
Thanks!
jonkristian
jonkristian•7mo ago
hm, i got invalid scope error when trying to connect, I will take a look at their docs, maybe they've changed something.
Hugo C.
Hugo C.•7mo ago
did you enable offline access? i've added the offline_access scope by default btw you can directly edit the scopes
jonkristian
jonkristian•7mo ago
Yes i saw, I removed all except read and update.
Hugo C.
Hugo C.•7mo ago
okok
jonkristian
jonkristian•7mo ago
Ok, i think the scopes should be vismanet_erp_service_api:* , however I when redirected back to windmill I got this: Error parsing the response token, Internal: ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } } , Anywhere to see the request/response?
Hugo C.
Hugo C.•7mo ago
you should see an error in the server logs
jonkristian
jonkristian•7mo ago
ERROR request: windmill_common::error: Internal: ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } } error=InternalErr("ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } }") method=POST uri=/api/oauth/connect_callback/visma That's all the errors i could see in the logs. I will test some more Hmm, no idea why it fails. I see the error parsing the response token top right corner for a second, everything on the visma side of things seems to work, the callback looks like this: 2024-04-16T13:15:48.028302Z INFO request: windmill_api::tracing_init: response latency=0 status=200 method=GET uri=/oauth/callback/visma?code=20613DD0936852BFF8082B40F82345987255796C0926BB2607855B03A6812B&state=Vz3BIAfV9s5KQ&iss=https%3A%2F%2Fconnect.visma.com
jonkristian
jonkristian•7mo ago
Ok, I think maybe I have to request access to visma interactive api, I've been using service api, I will try that.
No description
jonkristian
jonkristian•7mo ago
It appears it is working now, I will try some code querying stuff tomorrow. Thanks again!