David Goodenough-2 wrote > The problem is that GC needs to be allocated a program ID which we have to > keep secret, > but needs to be issued to any user. No ID and GC users can not go through > the OAuth2 > process every 18 months. > > GC could put the code on a web site and have the GC code retrieve it, > which is the cabinet > office solution to the problem, but given that the code to retreive it > would be open source > GC would have no control over how the code was used. If HMRC decide that > someone > using the GC code is messing with their systems then they would ban that > code and thus > all legitimate GC users.
I read through the MTD (VAT) API documentation <https://developer.service.hmrc.gov.uk/api-documentation/docs/api/service/vat-api/1.0#_submit-vat-return-for-period_post_accordion> yesterday, and although the API itself looks relatively straightforward, I agree that the Authorization aspect is the hard part if you are not used to writing this type of application. By my reading of HMRC's OAuth 2.0 documentation <https://developer.service.hmrc.gov.uk/api-documentation/docs/authorisation/user-restricted-endpoints> , the client_id (which I assume is what you mean by a program ID) is not a secret, it's merely a unique identifier for the application. It looks like communication with the app uses i) a URI for the app (which can be local); ii) the client_id to ensure it is talking to the right type of app; and iii) an optional state variable that the app can generate to distinguish different interactions. The basic idea seems to be that your software is expected to be able to make the HMRC's login page visible to the user, and give a redirect URI so that, once the user has logged in, the HMRC server can return a code to the original calling app at this URI. The original app then has 10 minutes to POST this code to HMRC's token endpoint to get back an access token that it can use against the MTD (VAT) API for the next 4 hours before having to refresh it. Caveat: I haven't tried it yet. I'm not planning on using GnuCash, but I'm considering writing bridging software from LibreOffice calc, and I came across this thread while searching for MTD solutions that will work on Linux. I don't really want to spend my time on this, but I might have to, given I do the accounting for two small VAT-registered businesses. Bob -- Sent from: http://gnucash.1415818.n4.nabble.com/GnuCash-User-f1415819.html _______________________________________________ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information. ----- Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
