How does HansaWorld OAuth authentication work?
When using HansaWorld REST API 2.0 a user authentication mechanism OAuth is used. This article describes what is the order of actions and setup steps to authenticate a user (Standard ID) with HansaWorld to get data from a Standard ERP server to flex.bi server.
Setup of OAuth authentication
The initial setup of REST API 2.0 is described in HansaWorld REST API import page. Please follow steps there carefully as each of the requirements - HTTPs support for Standard ERP server, correct URL including the port used, accessibility from the internet, correct Client ID and Client Secret - is very important and can break the authentication flow.
Authentication flow
There are three parties involved in each OAuth authentication process - the flex.bi server requesting data, StandardID server authenticating the user (StandardID) and the Standard ERP server serving the data. The image below has a separate column for each of these servers and the respective actions.
Notes to the flow:
If the supplied Standard ID and password is not correct you will receive an error on the StandardID server (without redirect to flex.bi):
Access type must be 'offline' and response type must be 'code'
If the supplied Client ID, Client Secret or redirect URL are not correct you might get various error messages such as:
Source application did not authorize your request
- Each token issued by StandardID server has an expiration time. If the token expires then flex.bi will request a new one using the supplied refresh token
- In case of any issues with the process please try to enable REST API on SERP server with basic HTTP authentication and get some data directly in your browser as described in the REST API 2.0 setup guide step 4.
If the supplied StandardID user and password were correct, but did not have access to the REST API or the specific register you will receive errors such as:
Source application did not authorize your request. Please check your authentication information.
or
Received HTTP 405 error when requesting
- If anything fails in the authentication or data request process (such as no access rights or Standard ERP server is not reachable) process will start from step 1 again - asking for StandardID and password
Connectivity requirements:
- flex.bi Redirect URL has to be accessible from the internet or intranet (the network that is used for user access to the flex.bi server)
- Standard ERP server has to be able to reach StandardID server to check token and this is supported only over HTTPs connection