New API | Oauth and extra params

Hello. I am testing windmill for syncing changes between a WooCommerce shop and an ERP. I can't find this ERP in the list of resource types, so to handle oauth, request/refresh token, etc.. do I just submit a PR with endpoins and scopes added to

oauth_connect.json

oauth_connect.json

? Also the ERP is using

grant_type: client_credentials

grant_type: client_credentials

with an extra mandatory field

tenant_id

tenant_id

. Not sure how to go about setting this up, hoping for some guidance.

Hugo•4/15/24, 2:30 PM

Our oauth connector assumes the authorization code flow, your ERP doesn't support it?

jonkristianOP•4/15/24, 2:42 PM

Actually, it seems like it does. I was following a different setup tutorial a couple of weeks ago and it was not mentioned, however: https://community.visma.com/t5/Knowledge-base-in-Developers/Generating-token-with-oAuth2-for-Visma-Net-API-in-Postman/ta-p/270923

Visma Community

Generating token with oAuth2 for Visma.Net API in Postman

Manage environments Creating a new environment You can create a new environment from the: Manage Environments icon New button Launch screen Manage environments icon Click "Manage Environments" icon in the upper right corner of the Postman app. Select “Manage Environments”. Click the Add button. N...

Hugo•4/15/24, 2:43 PM

then you can just create a PR with the desired values added to oauth_connect.json
there is an extra_params attribute for any additional parameters

jonkristianOP•4/15/24, 2:44 PM

Ah, thanks, is there a way for me to test beforehand?

jonkristianOP•4/15/24, 2:45 PM

I am using cloud but I do have Docker setup locally as well

Hugo•4/15/24, 2:47 PM

you need to setup the dev environment i'm afraid
we have an option to set it up in the UI when self hosted but it's part of our EE license

Hugo•4/15/24, 2:48 PM

depending on how easy opening an account on visma is, i can also look at it myself when i have time

jonkristianOP•4/15/24, 3:06 PM

Nice! No, it isn't extremely difficult. They have a developer portal where you can create your application.

jonkristianOP•4/15/24, 3:09 PM

Here's the link to the developer portal for visma: https://connect.visma.com/?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dserviceregistry%26redirect_uri%3Dhttps%253A%252F%252Foauth.developers.visma.com%252Fservice-registry%252Fresources%252Fauth%252Flogin%26response_type%3Dcode%2520id_token%26response_mode%3Dform_post%26scope%3Dopenid%2520address%2520email%2520profile%2520tenants%26nonce%3DnpAVawbFoCU%26state%3DPtg3Bl5qU7j8MLLx3tjrDj6LJAiMzwEU-FCYQrp4_Mk

Hugo•4/15/24, 6:13 PM

can you try to make it work on postman and then send me the steps to follow?

jonkristianOP•4/15/24, 6:31 PM

Yes I can try that

jonkristianOP•4/15/24, 7:13 PM

Just for reference, I have a working postman setup with client_credentials. I can send a post with my client_id, client_secret, scope and tenant_id (This is whichever company I want to access, that has already accepted scopes for my app) and it will return a bearer token for me to use on that tenant, but it is short lived. I am trying to follow the guide for authorization endpoint in postman now, and will let you know if I have any luck.

jonkristianOP•4/15/24, 8:07 PM

Ok, it is not straight forward getting started with visma for you unfortunately. But I managed to get something working after reading up a bit, they have a lot of old and outdated content :/ Basically I did something similar to this example by visma: https://github.com/Visma-Software-AS-Product/PYTHON_Vnet_Connect_auth_interactive/blob/master/app.py

GitHub

PYTHON_Vnet_Connect_auth_interactive/app.py at master · Visma-Softw...

Demo application for Visma Connect Authentication to Visma.net ERP API - Interactive applications - Visma-Software-AS-Product/PYTHON_Vnet_Connect_auth_interactive

jonkristianOP•4/15/24, 8:10 PM

I had no idea what to put in callback url, but adding the postman callback seemed to work. Hope this is enough info

Hugo•4/16/24, 8:31 AM

looks good i'll create a pr

Jjonkristian I had no idea what to put in callback url, but adding the postman callback seeme...

Hugo•4/16/24, 8:33 AM

i think you need to enable offline access and add the offline_access scope if you want to get a refresh token for longer sessions

HHugo i think you need to enable offline access and add the offline_access scope if yo...

jonkristianOP•4/16/24, 8:35 AM

Thanks for the tip

jonkristianOP•4/16/24, 8:43 AM

And thank you so much for all the help!

Hugo•4/16/24, 11:46 AM

no problem

it's available on latest, can you try it locally (e.g. with docker compose) and confirm that it's working?
You will need to set the redirect uri to
https://<YOUR_INSTANCE>/oauth/callback/visma (probably http://localhost/oauth/callback/visma)

Hugo•4/16/24, 11:47 AM

you also need the visma resource type (i've created it on the hub so you should be able to get it by syncing with it)

Hugo•4/16/24, 11:49 AM

on windmill, the settings for oauth are inside "instance settings" -> "SSO/Oauth" -> "Oauth"

jonkristianOP•4/16/24, 11:59 AM

Nice! I will test and let you know

Hugo•4/16/24, 12:00 PM

Thanks!

jonkristianOP•4/16/24, 12:14 PM

hm, i got invalid scope error when trying to connect, I will take a look at their docs, maybe they've changed something.

Hugo•4/16/24, 12:15 PM

did you enable offline access?

Hugo•4/16/24, 12:15 PM

i've added the offline_access scope by default

Hugo•4/16/24, 12:15 PM

btw you can directly edit the scopes

jonkristianOP•4/16/24, 12:15 PM

Yes i saw, I removed all except read and update.

Hugo•4/16/24, 12:15 PM

okok

jonkristianOP•4/16/24, 12:18 PM

Ok, i think the scopes should be vismanet_erp_service_api:* , however I when redirected back to windmill I got this: Error parsing the response token, Internal: ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } } , Anywhere to see the request/response?

Hugo•4/16/24, 12:20 PM

you should see an error in the server logs

jonkristianOP•4/16/24, 12:26 PM

ERROR request: windmill_common::error: Internal: ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } } error=InternalErr("ErrorResponse { status: 400, error: ErrorResponse { error: InvalidRequest, error_description: None, error_uri: None } }") method=POST uri=/api/oauth/connect_callback/visma

jonkristianOP•4/16/24, 12:26 PM

That's all the errors i could see in the logs.

jonkristianOP•4/16/24, 12:27 PM

I will test some more

jonkristianOP•4/16/24, 1:23 PM

Hmm, no idea why it fails. I see the error parsing the response token top right corner for a second, everything on the visma side of things seems to work, the callback looks like this:

jonkristianOP•4/16/24, 1:47 PM

Ok, I think maybe I have to request access to visma interactive api, I've been using service api, I will try that.

jonkristianOP•4/16/24, 4:43 PM

It appears it is working now, I will try some code querying stuff tomorrow. Thanks again!

jonkristianOP•11/24/24, 12:57 PM

Hello. I have this recurring issue with the token renewal. After each period i have to manually re-connect the integration. It gives me . I've been playing around with the settings in visma over a period of several months just to see if it fixed it, but the issue still perists.

Any idea why this happens?

rubenf•11/25/24, 9:51 AM

That seems to be an error on wooCommerce side refusing to honor the refresh token. I would at least disable the part that expires the refresh token

Rrubenf That seems to be an error on wooCommerce side refusing to honor the refresh toke...

jonkristianOP•11/25/24, 11:44 AM

Thanks for replying. I will try that, and If it happens again, i will contact visma and see if they know anything about this.