This article is part of the article serie
Setting up OAuth 2.0 - IntroductionBefore you can setup a connection to Twinfield using OAuth 2.0 you need to register a client ID on Twinfield's developers portal.
Important: The client ID is meant to identify you as a developer to Twinfield's API. It's not meant for end users. Register a client ID that reflects your application and not your end user. Your end user has nothing to do with this. You can use one client ID for both test and production.
You can register a client ID for your application in Twinfield’s Developer Portal. This is the url: https://developers.twinfield.com
Before you can log in to the developers portal you need to register a free Wolters Kluwer Account.
Important: The Wolters Kluwer Account grants access to your client ID. The Wolters Kluwer Account should reflect your application and not your end user. Your end user has nothing to do with this. We recommend that you register a non personal account that you can share with collegeaus. You can use one Wolters Kluwer Account for both test and production.
After you have registered a Wolters Kluwer Account you can use it to log in to the developers portal.
Go to the menu Your connections. See the red arrow in the above image. In this menu you can create a new Client ID by clicking on the button New.
Use the table below the screenshot for a description of each field in the form. Did you finish creating your client ID? Then continue to the next step in the process:
Ask the end user for permission
| Field___________ | Explanation |
|---|
| Client ID | The client ID is meant to identify you as a developer to Twinfield's API. It's not meant for end users. Register a client ID that reflects your application and not your end user. Your end user has nothing to do with this. You can use one client ID for both test and production. |
| Product name | Later in the process of setting up a connection you will present your end user with a login screen. In this step the end user will log in to Twinfield to grant you permission to use his account. The user will see a message that says: <Product name> is requestion your permission.
<Product name> will be replaced by the name you choose here. Choose a name the end user will recognize. |
| Client secret | Click on the link Generate new to generate a new client secret. This is the password that belongs to your client ID. You will need this client secret later. This client secret should only be known to you as the developer. Your end user has nothing to do with this.
Good to know: You only need a client secret for the authorization code flow. It's not needed for the implicit flow. |
| Authorization flow | authorization code (recommended for web based applications)
If you select this option you will receive an authorization code which is valid for 5 minutes. The end user must log in during this process for you to receive the authorization code. You can use the authorization code to receive a refresh token which is valid for 25 years. You can then use this refresh token to generate access tokens which are valid for 1 hour.
implicit (recommended for JavaScript and desktop applications)
If you select this option you will receive an access token that is valid for 12 hours. The end user must log in during this process for you to receive the access token. After the access token has expired you must repeat this process. We don’t recommend this option because it requires the end user to log in to Twinfield each day he/she wants to connect to the API because the access token is only valid for 12 hours.
hybrid
It’s not recommended to use this option. |
| Access token type | Reference (default)
Use this option to receive a short access token. This is the default option to select.
Jwt (JSON Web Token)
Use this option to receive a long access token. |
| Ignore single sign on | Check this checkbox to make sure you are able to create a connection based on OAuth 2.0 without getting an error that it’s required for the user to login with Single Sign On (SSO). |
| Redirect url | Later in the process of setting up a connection you will present your end user with a login screen. This login screen is a popup shown by Twinfield. In this popup the end user will log in to Twinfield to grant you permission to use his account. After the user has granted you permission, Twinfield wants to close the popup and redirect the user to your website.
Do you already have a webpage that you can use for this? It should be a webpage that makes sense to the end user. It should display the name of your application and a message saying that your application has succesfully connected to Twinfield.
When Twinfield redirects your end user to the url that you provide here, it will also send along an authorization code in the url. Your webpage will have to be able to read the authorization code that is sent along in the url. You will read more about this authorization code in this article: Ask the end user for permission |
| Post logout redirect url | This feature is currently not available. You don’t need to configure it. |
