New API | Oauth and extra params
Hello. I am testing windmill for syncing changes between a WooCommerce shop and an ERP. I can't find this ERP in the list of resource types, so to handle oauth, request/refresh token, etc.. do I just submit a PR with endpoins and scopes added to
oauth_connect.json
? Also the ERP is using grant_type: client_credentials
with an extra mandatory field tenant_id
. Not sure how to go about setting this up, hoping for some guidance.24 Replies
Our oauth connector assumes the authorization code flow, your ERP doesn't support it?
Actually, it seems like it does. I was following a different setup tutorial a couple of weeks ago and it was not mentioned, however: https://community.visma.com/t5/Knowledge-base-in-Developers/Generating-token-with-oAuth2-for-Visma-Net-API-in-Postman/ta-p/270923
Visma Community
Generating token with oAuth2 for Visma.Net API in Postman
Manage environments Creating a new environment You can create a new environment from the: Manage Environments icon New button Launch screen Manage environments icon Click "Manage Environments" icon in the upper right corner of the Postman app. Select “Manage Environments”. Click the Add button. N...
then you can just create a PR with the desired values added to oauth_connect.json
there is an extra_params attribute for any additional parameters
Ah, thanks, is there a way for me to test beforehand?
I am using cloud but I do have Docker setup locally as well
you need to setup the dev environment i'm afraid
we have an option to set it up in the UI when self hosted but it's part of our EE license
depending on how easy opening an account on visma is, i can also look at it myself when i have time
Nice! No, it isn't extremely difficult. They have a developer portal where you can create your application.
Here's the link to the developer portal for visma: https://connect.visma.com/?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dserviceregistry%26redirect_uri%3Dhttps%253A%252F%252Foauth.developers.visma.com%252Fservice-registry%252Fresources%252Fauth%252Flogin%26response_type%3Dcode%2520id_token%26response_mode%3Dform_post%26scope%3Dopenid%2520address%2520email%2520profile%2520tenants%26nonce%3DnpAVawbFoCU%26state%3DPtg3Bl5qU7j8MLLx3tjrDj6LJAiMzwEU-FCYQrp4_Mk
can you try to make it work on postman and then send me the steps to follow?
Yes I can try that
Just for reference, I have a working postman setup with client_credentials. I can send a post with my client_id, client_secret, scope and tenant_id (This is whichever company I want to access, that has already accepted scopes for my app) and it will return a bearer token for me to use on that tenant, but it is short lived. I am trying to follow the guide for authorization endpoint in postman now, and will let you know if I have any luck.
Ok, it is not straight forward getting started with visma for you unfortunately. But I managed to get something working after reading up a bit, they have a lot of old and outdated content :/ Basically I did something similar to this example by visma: https://github.com/Visma-Software-AS-Product/PYTHON_Vnet_Connect_auth_interactive/blob/master/app.py
GitHub
PYTHON_Vnet_Connect_auth_interactive/app.py at master · Visma-Softw...
Demo application for Visma Connect Authentication to Visma.net ERP API - Interactive applications - Visma-Software-AS-Product/PYTHON_Vnet_Connect_auth_interactive
I had no idea what to put in callback url, but adding the postman callback seemed to work. Hope this is enough info 🙂
looks good i'll create a pr
i think you need to enable offline access and add the offline_access scope if you want to get a refresh token for longer sessions
Thanks for the tip 🙂
And thank you so much for all the help!
no problem 🙂 it's available on latest, can you try it locally (e.g. with docker compose) and confirm that it's working?
You will need to set the redirect uri to
https://<YOUR_INSTANCE>/oauth/callback/visma (probably http://localhost/oauth/callback/visma)
you also need the visma resource type (i've created it on the hub so you should be able to get it by syncing with it)
on windmill, the settings for oauth are inside "instance settings" -> "SSO/Oauth" -> "Oauth"
Nice! I will test and let you know 🙂
Thanks!
hm, i got invalid scope error when trying to connect, I will take a look at their docs, maybe they've changed something.
did you enable offline access?
i've added the offline_access scope by default
btw you can directly edit the scopes
Yes i saw, I removed all except read and update.
okok
Ok, i think the scopes should be vismanet_erp_service_api:* , however I when redirected back to windmill I got this: Error parsing the response token, Internal: ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } } , Anywhere to see the request/response?
you should see an error in the server logs
ERROR request: windmill_common::error: Internal: ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } } error=InternalErr("ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } }") method=POST uri=/api/oauth/connect_callback/visma
That's all the errors i could see in the logs.
I will test some more
Hmm, no idea why it fails. I see the error parsing the response token top right corner for a second, everything on the visma side of things seems to work, the callback looks like this:
2024-04-16T13:15:48.028302Z INFO request: windmill_api::tracing_init: response latency=0 status=200 method=GET uri=/oauth/callback/visma?code=20613DD0936852BFF8082B40F82345987255796C0926BB2607855B03A6812B&state=Vz3BIAfV9s5KQ&iss=https%3A%2F%2Fconnect.visma.com
Ok, I think maybe I have to request access to visma interactive api, I've been using service api, I will try that.
It appears it is working now, I will try some code querying stuff tomorrow. Thanks again!