The MYOB identity team has been working on a new MYOB ID OAuth 2.0 implementation. You might have noticed some changes, for example the shorter access token and a new scope value, "offline_access".
Shorter access code, access token and refresh token
- You will receive an opaque string token. Treat it like a secret; do not try to parse or decrypt it.
Change in Response parameters
- For example: scope=CompanyFile+la.global+offline_access+openid&state=67107ea7c2d702cb95694c27
- state is a standard parameter defined in https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1. If you pass this parameter, you will need to validate it in the authorize response; otherwise you can ignore it.
- openid scope is an OIDC standard scope: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
- offline_access scope is an OIDC standard scope that indicates that the refresh token can be issued: https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
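One way to handle the response parameters described above, as an added example that is not MYOB's own code: it validates state against the value sent in the authorize request and reads the granted scopes. The callback URL, the `code` parameter value and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample redirect; host and code value are placeholders.
SAMPLE_REDIRECT = (
    "https://app.example/callback?code=CONSTRUCTED_CODE"
    "&scope=CompanyFile+la.global+offline_access+openid"
    "&state=67107ea7c2d702cb95694c27"
)


def new_state() -> str:
    """Unguessable state value to send with the authorize request."""
    return secrets.token_hex(12)


def parse_authorize_response(redirect_url: str, expected_state: Optional[str]) -> dict:
    """Parse the authorize redirect; validate state only if one was sent."""
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    if expected_state is not None:
        returned = params.get("state", [""])[0]
        # Constant-time comparison. A mismatch means this response does not
        # belong to the request that this session started.
        if not hmac.compare_digest(returned.encode(), expected_state.encode()):
            raise ValueError("state mismatch: discard this authorize response")

    # parse_qs decodes '+' to a space, so scopes split on whitespace.
    scopes = set(params.get("scope", [""])[0].split())
    return {
        # Opaque string: store and forward it, never parse or decode it.
        "code": params.get("code", [None])[0],
        "scopes": scopes,
        "refresh_token_expected": "offline_access" in scopes,
    }


if __name__ == "__main__":
    print(parse_authorize_response(SAMPLE_REDIRECT, "67107ea7c2d702cb95694c27"))
```

Store the state value server-side in the user's session before redirecting, and compare against that stored copy when the callback arrives.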
Hope this information was helpful. If you have any questions, log a ticket with the Customisation & Integration Team.