Reginald Jackson Posted April 28, 2021 Share Posted April 28, 2021 One of my customers wants to have an admin resource use my application to create and post sales and purchase invoices into SageOne, but they do not want that person to have the ability to log into SageOne itself. Given the way the initial authorization process works can anyone suggest how can this be done? Cheers Reg Link to comment Share on other sites More sharing options...
Administrators Ben Smith Posted May 7, 2021 Administrators Share Posted May 7, 2021 Hi Reginald, Apologies for the delay in getting back to you. The only way at present I can see this working is if your customer's user is only going to be using your application, if authentication is handled during initial setup by the admin, then subsequently you maintain the connection via the refresh token - anyone that uses your app after that should be able to do so without ever knowing the credentials required to log in and access the Sage Business Cloud Accounting (SBCA) business. Obviously this depends upon how you are handling multiple users of your app and if they are required to sign into SBCA when they start a session. Ben Link to comment Share on other sites More sharing options...
Reginald Jackson Posted May 7, 2021 Author Share Posted May 7, 2021 Thanks Ben. I've seen that this problem is universal, i.e. not just for SBCA, and it's an inherent weakness in the Oauth2 concept in my opinion. Some api suppliers are addressing it under the heading of M2M (machine to machine) access, and it would be interesting to know if SBCA are looking into this as well? Cheers Reg Link to comment Share on other sites More sharing options...
Administrators Ben Smith Posted May 7, 2021 Administrators Share Posted May 7, 2021 This is interesting, I'll see what I can find out and let you know! Ben Link to comment Share on other sites More sharing options...
Reginald Jackson Posted May 7, 2021 Author Share Posted May 7, 2021 👍 Link to comment Share on other sites More sharing options...
Administrators Ben Smith Posted May 12, 2021 Administrators Share Posted May 12, 2021 Hi Reginald, Just wanted to let you know its something we are considering, but I can't confirm if or when that will likely happen at this stage. I'll update you should I hear more. Ben Link to comment Share on other sites More sharing options...
Reginald Jackson Posted May 13, 2021 Author Share Posted May 13, 2021 Ok, thanks Ben. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now