How do I register my Open Integration Platform application for Token Authentication to get an OAuth 2.0 client ID and client secret?

  • Article Type: How To
  • Last Modified: 08/24/2023

Objectives

  • Learn how to register an OAuth 2.0 client application for OIP Token Authentication
  • Obtain the client ID and client secret that are used when developing with Token Authentication APIs

Environment

  • CCH Axcess
  • CCH Axcess Open Integration Platform

Procedure

This article is for developers who are creating applications with the Open Integration Platform using token authentication. If you are working with a software solution provided by a third-party vendor that uses the Open Integration Platform, please refer to this article: How do Open Integration Platform Vendor Applications Manage Login for Firm Users.

Register a new client application to obtain a client ID and client secret with the following steps:
  1. Install any CCH Axcess product as described in How do I install, repair, uninstall, or download CCH Axcess™ products?
  2. Log in to the CCH Axcess Dashboard using:
    • Your account number that is licensed for Open Integration
    • A userID that has permission to view firm settings
  3. Navigate to Dashboard > Application Links > Firm > Developer Tools
  4. Click Add Application.
  5. Enter the application details:
    • Application Name - Users see this name when prompted to grant access to your application
    • Application Type - We recommend Authorization Code because it is more secure than Implicit. More details are in Comparing Authorization Code and Implicit flows and application types in OIP Token Authentication.
    • Description
    • Access token lifetime - An access token is used when making an API request to a protected resource. This setting determines when this type of token will expire. For more details refer to the implementation instructions in the Additional Information section below.
    • Refresh token lifetime - When using authorization code flow, a refresh token is used to obtain a new access token. This setting determines when a refresh token will expire. For more details refer to the implementation instructions in the Additional Information section below.
  6. Select the scopes required by your application. We recommend using the following scopes:
    • CCHAxcess_data_writeaccess - Allows the application to read or write CCH Axcess data as determined by the user's licenses and membership in security groups.
    • CCHAxcess_Profile - Provides additional information in the ID token about the authorizing user such as email and name.
    • IDInfo - Required to obtain the ID token that is used for logout.
    • offline_access - Required to obtain a refresh token.
    • Openid - Required to have sub claims.
  7. Enter re-direct URLs such as https://www.yourOIPapp.net which are used for login and logout flows. Localhost is not an allowed re-direct URL; it is blocked due to security concerns. For more details refer to the implementation instructions and reply URL restriction error in the Additional Information section below.
  8. Copy the client ID and client secret into some secure storage that you manage. These will be used in your implementation.
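
The following is an added example, not part of the original article or any CCH-provided code: a check you can run on a planned registration before entering it in Developer Tools, covering the re-direct URL restriction in step 7 and the scope requirements in step 6. The function names, the https-only rule, and the choice to treat loopback IP addresses the same as localhost are assumptions of this example; the scope names are taken from the article.

```python
"""Check a planned OIP Token Authentication registration (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Scope names as listed in the article, mapped to what each is required for.
SCOPE_NEEDED_FOR = {
    "offline_access": "refresh token",
    "IDInfo": "ID token used for logout",
    "Openid": "sub claims",
}


def is_loopback(host):
    """True for localhost names and loopback IPs.

    Assumption of this example: loopback addresses are treated like localhost.
    """
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name, not an IP literal


def check_registration(redirect_urls, scopes, needs):
    """Return a list of problems; an empty list means the plan is consistent.

    needs: features the application relies on, using the wording of the
    values in SCOPE_NEEDED_FOR.
    """
    problems = []
    for url in redirect_urls:
        parts = urlsplit(url)
        if parts.scheme != "https":  # assumption: only https URLs are wanted
            problems.append(f"{url}: not an https URL")
        if not parts.hostname:
            problems.append(f"{url}: no host name")
        elif is_loopback(parts.hostname):
            problems.append(f"{url}: localhost is not an allowed re-direct URL")
    for scope, feature in SCOPE_NEEDED_FOR.items():
        if feature in needs and scope not in scopes:
            problems.append(f"scope {scope} is required for {feature}")
    return problems
```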
 Solution Id 000256426/000106244