Connected Applications

Form ID: (SM303010)

You use this form to register OAuth 2.0 or OpenID Connect (OIDC) client applications in MYOB Acumatica; you can also use the form to review the access settings of an application and to revoke the access that has been granted. For details about implementation of OAuth 2.0 or OIDC client applications, see Authorizing Client Applications to Work with MYOB Acumatica.

Form Toolbar

The form toolbar includes standard and form-specific buttons and commands. For the list of standard buttons, see Form Toolbar and More Menu. The form-specific commands are listed in the following table.

Button Description
Revoke Access Revokes the access that has been provided to the application. When you invoke this action, the system removes from the database all access tokens generated for this application, and the application cannot access data in MYOB Acumatica by providing any of these tokens.
Note:
After you have revoked access, all access tokens of the client application are removed from the MYOB Acumatica database, and these tokens cannot be used to access data in MYOB Acumatica. However, the client secrets remain valid until their expiration dates (if applicable), and the application can use these secrets to request a new access token.
Authorise Velixo Adds your Velixo Reporting records to MYOB Advanced.
Note:
To add Velixo Reporting generic inquiries, you can use the Microsoft Excel add-on, which requires a Velixo Reporting licence that is paid for separately from MYOB Advanced.

Summary Area

In this area, you can register a client application to which you want to grant access or select a registered application and then edit its access settings.
Table 1. Summary Elements
Element Description
Client ID

The automatically generated ID of the client application. MYOB Acumatica generates this ID when you save a new client application on the form; you cannot enter the value of this field manually for a new client application. The client application uses this ID during authentication in MYOB Acumatica.

The format of the client ID is <GUID>@<Company_ID>, where <GUID> is an auto-generated string, and <Company_ID> is the ID of the company whose data the client application can request access to. This company ID is the ID of the company to which the user who registered the client application was logged in at the time of registration.

To view the settings of an existing client application, select the identifier of the client application in this box.

Client Name Required. The name of the client application.
Active

A check box that indicates (if selected) that the registration of this client application is active and the application can access MYOB Acumatica by using the provided client credentials.

By default, the check box is selected.

Flow The flow that is used by the client application for authentication in MYOB Acumatica. The flow can be one of the following options:

If Authorization Code, Resource Owner Password Credentials, or Hybrid is selected, the Refresh Tokens section appears.

Plug-In The plug-in that contains custom claims. Such plug-ins can be implemented in customization projects.
Table 2. Refresh Tokens Section
In this section, you can review and specify the settings related to the expiration of refresh tokens. The section appears only if Authorization Code, Resource Owner Password Credentials, or Hybrid is selected in the Flow box in the Summary area.
Element Description
Mode The mode of expiration of refresh tokens. You can select one of the following options:
  • Absolute Expiration: A refresh token expires when the total number of days in the refresh token's lifetime (from its initial issuing) exceeds the number of days that is specified in the Absolute Lifetime (Days) box.
  • Sliding Expiration: The lifetime of the refresh token can be extended multiple times by the period of the sliding lifetime, which is specified in the Sliding Lifetime (Days) box. The refresh token can be extended until its total lifetime (from its initial issuing) exceeds the number of days that is specified in the Absolute Lifetime (Days) box. If the Infinite check box is selected for the absolute lifetime, the lifetime of the refresh token can be extended endlessly. For details about how the sliding expiration works, see Registration of an OAuth 2.0 or OIDC Application: Sliding Expiration of Refresh Tokens.
  • No Refresh Tokens: The system does not issue refresh tokens. If a connected application requests the offline_access scope (that is, requests that a refresh token be granted), an error is returned.

By default, Absolute Expiration is selected. If Absolute Expiration is selected, only Mode and Absolute Lifetime (Days) appear in this section. If No Refresh Tokens is selected, only Mode appears in this section.

Absolute Lifetime (Days) The number of days after which the user must reauthenticate and grant permissions to a connected application so that the application can continue working with MYOB Acumatica.

If Absolute Expiration is selected in the Mode box, the default absolute lifetime is 30 days. You can specify any number of days from 1 to 60.

If Sliding Expiration is selected in the Mode box, the default absolute lifetime is 90 days. You can specify any number of days from 1 to 365.

The box appears only if Absolute Expiration or Sliding Expiration is selected in the Mode box.

Infinite A check box that indicates (if selected) that the absolute lifetime is infinite.

By default, this check box is cleared. If the check box is selected, the Absolute Lifetime (Days) box is unavailable for editing.

The check box appears only if Sliding Expiration is selected in the Mode box.

Sliding Lifetime (Days) The number of days that extends the lifetime of a refresh token. The default sliding lifetime is 15 days. You can specify any number of days from 1 to 60.

The box appears only if Sliding Expiration is selected in the Mode box.
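
The following added example (not part of the MYOB Acumatica documentation or product code) models the expiration modes above so that you can see how long a refresh token stays usable under a given configuration. The names RefreshPolicy, expires_at, and first_rejected_use are hypothetical, and the example assumes that in Sliding Expiration mode the sliding window restarts each time the token is used.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, Optional

# Allowed ranges and defaults as listed in the Refresh Tokens section.
ABSOLUTE = {"absolute": (1, 60, 30), "sliding": (1, 365, 90)}  # min, max, default
SLIDING = (1, 60)

@dataclass
class RefreshPolicy:
    mode: str                             # "absolute", "sliding" or "none"
    absolute_days: Optional[int] = None   # None selects the mode's default
    infinite: bool = False                # Infinite check box (sliding mode only)
    sliding_days: int = 15

    def __post_init__(self) -> None:
        if self.mode == "none":
            return
        if self.mode not in ABSOLUTE:
            raise ValueError(f"unknown mode {self.mode!r}")
        lo, hi, default = ABSOLUTE[self.mode]
        if self.absolute_days is None:
            self.absolute_days = default
        if self.infinite and self.mode != "sliding":
            raise ValueError("Infinite is offered only with Sliding Expiration")
        if not self.infinite and not lo <= self.absolute_days <= hi:
            raise ValueError(f"absolute lifetime must be {lo}..{hi} days")
        if self.mode == "sliding" and not SLIDING[0] <= self.sliding_days <= SLIDING[1]:
            raise ValueError("sliding lifetime must be 1..60 days")

def expires_at(p: RefreshPolicy, issued: datetime, last_used: datetime) -> Optional[datetime]:
    """Expiry of a refresh token; None means no refresh token is issued."""
    if p.mode == "none":
        return None
    cap = None if p.infinite else issued + timedelta(days=p.absolute_days)
    if p.mode == "absolute":
        return cap
    slide = last_used + timedelta(days=p.sliding_days)  # assumed: window restarts on each use
    return slide if cap is None else min(slide, cap)

def first_rejected_use(p: RefreshPolicy, use_days: Iterable[int]) -> Optional[int]:
    """Replay refresh attempts (days after issue); return the first rejected day."""
    issued = last = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed issue time
    for day in use_days:
        now = issued + timedelta(days=day)
        exp = expires_at(p, issued, last)
        if exp is None or now > exp:
            return day
        last = now
    return None
```

With the Infinite check box selected, a token that is used at least once per sliding period is never rejected by this model, so revocation becomes the only way to end its life.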

Secrets Tab

You use this tab to add secrets, which are used during application authorization, for the selected application. You can use one secret or multiple secrets for the selected application. For an already-registered client application, you can also edit and delete the secrets that have been defined on this tab.
Note:
The system ignores any secrets for an application with the Implicit flow, so you should not add secrets in this case.
Table 3. Table Toolbar

The table toolbar includes standard buttons and buttons that are specific to this table. For the list of standard buttons, see Table Toolbar. The table-specific buttons are listed below.

Button Description
Add Shared Secret Opens the Add Shared Secret dialog box, which you can use to add a secret of the Shared Secret type to the list of secrets of the client application on this tab.
Add JSON Web Key Opens the Add JSON Web Key dialog box, which you can use to add a JSON Web Key (JWK) for the client application.
Add JSON Web Key Set URL Opens the Add JSON Web Key Set URL dialog box, which you can use to add a URL for JSON Web Key Set (JWKS URL) for the client application.
Table 4. Table Columns
Column Description
Type The type of the secret, which can be one of the following:
  • Shared Secret
  • JSON Web Key
  • JSON Web Key Set URL
Description The description of the secret.
Expires On (UTC) The date and time when the secret expires. Expired secrets remain in the table rather than being deleted automatically.
Value The value of the secret. For shared secrets, the value is hidden with ********.
Table 5. Add Shared Secret Dialog Box
In the Add Shared Secret dialog box, you can create a secret of the Shared Secret type for the application.
Element Description
Description Required. The description of the secret.
Expires On (UTC) The date and time when the secret expires. Expired secrets remain in the table on the Secrets tab rather than being deleted automatically.
Value Required. The value of the secret. The value is generated automatically by the system when you open the dialog box to create a shared secret. To be authorized in MYOB Acumatica, the client application must provide this value along with other authorization parameters.
Important:
For security reasons, the value of the secret is displayed only once: during the creation of the secret in this dialog box. You should copy and save this value before you close the dialog box.
The dialog box has the following buttons.
OK Closes the dialog box and adds the new secret to the table on the Secrets tab.
Cancel Closes the dialog box without creating a secret.
Table 6. Add JSON Web Key Dialog Box
In the Add JSON Web Key dialog box, you can create a secret of the JSON Web Key type for the application.
Element Description
Description The description of the secret.
Expires On (UTC) The date and time when the secret expires. Expired secrets remain in the table on the Secrets tab rather than being deleted automatically.
Value Required. The value of the secret. You enter a JSON Web Key (JWK) in this box. For JWK, MYOB Acumatica supports the format that is defined in RFC7517 (https://datatracker.ietf.org/doc/html/rfc7517#section-4).
The dialog box has the following buttons.
OK Closes the dialog box and adds the new secret to the table on the Secrets tab.
Cancel Closes the dialog box without creating a secret.
Table 7. Add JSON Web Key Set URL Dialog Box
In the Add JSON Web Key Set URL dialog box, you can create a secret of the JSON Web Key Set URL type for the application.
Element Description
Description The description of the secret.
Expires On (UTC) The date and time when the secret expires. Expired secrets remain in the table on the Secrets tab rather than being deleted automatically.
Value Required. The value of the secret. You insert a URL for JSON Web Key Set (JWKS URL) in this box. The JWKS URL should point to a location that satisfies the following requirements:
  • It is accessible from each MYOB Acumatica instance that is used with the client application. If the location is inaccessible, the token request is declined with the invalid_client error.
  • It complies with RFC7517 (https://datatracker.ietf.org/doc/html/rfc7517#section-5).
  • It should support a reasonable load because each MYOB Acumatica instance that is used with the client application will access this location on every token request.
The dialog box has the following buttons.
OK Closes the dialog box and adds the new secret to the table on the Secrets tab.
Cancel Closes the dialog box without creating a secret.
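
As an added example (not part of the MYOB Acumatica documentation or product code), the following check can be run against the document served at a JWKS URL before you register that URL. It tests the JWK Set structure from RFC 7517 section 5 and, going beyond the requirements listed above, flags private or symmetric key members that should never be published; jwks_problems and the sample key values are constructed for illustration.

```python
import json
from typing import List

# Private or symmetric members per key type (RFC 7518; RFC 8037 for OKP).
SECRET_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},
}

# Constructed sample: the second key wrongly includes its private exponent.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "EC", "crv": "P-256", "kid": "2024-a", "x": "constructed-x", "y": "constructed-y"},
    {"kty": "RSA", "kid": "2024-b", "n": "constructed-n", "e": "AQAB", "d": "constructed-d"},
]})

def jwks_problems(body: str) -> List[str]:
    """Return the reasons a fetched document is unfit to serve as a JWK Set."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list):
        return ['top-level "keys" array is missing (RFC 7517 section 5.1)']
    problems = [] if keys else ['"keys" array is empty']
    for i, key in enumerate(keys):
        # Every JWK must carry a "kty" member (RFC 7517 section 4.1).
        if not isinstance(key, dict) or not isinstance(key.get("kty"), str):
            problems.append(f'keys[{i}]: required "kty" member is missing')
            continue
        leaked = SECRET_MEMBERS.get(key["kty"], set()) & set(key)
        if leaked:
            problems.append(f"keys[{i}]: secret members published: {sorted(leaked)}")
    return problems
```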

Redirect URIs Tab

You use this tab to add or remove the uniform resource identifiers (URIs) to which the client application is redirected after the user is authenticated in MYOB Acumatica and grants access to the application.
Note:
A redirect URI is not necessary if you are registering a client application with the resource owner password credentials flow (that is, a client application with Resource Owner Password Credentials selected in the Flow box of the Summary area).

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Table 8. Table Columns
Column Description
Redirect URI

The URI to which the client application should be redirected after the user is authenticated in MYOB Acumatica and grants access to the application. The redirect URI must be absolute and must not contain a fragment part (the part preceded by #).

The system compares this URI with the URI specified in the authorization request of the client application, and if these URIs are not identical, redirection fails.
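
The rules above (absolute URI, no fragment, identical match) can be checked before registration and used to diagnose a failed redirection. The following is an added example, not MYOB Acumatica code; the function names and the example.com URIs are constructed for illustration.

```python
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

def registration_problems(uri: str) -> List[str]:
    """Check a URI against the two rules stated for the Redirect URI column."""
    problems = []
    if not urlsplit(uri).scheme:
        problems.append("not absolute (no scheme)")
    if "#" in uri:
        problems.append("contains a fragment part")
    return problems

def is_allowed(registered: Iterable[str], requested: str) -> bool:
    """Identical-match rule: no normalization, prefix or wildcard matching."""
    return requested in set(registered)

def near_miss(registered: str, requested: str) -> Optional[str]:
    """Name the difference that makes a requested URI fail the identical match."""
    if registered == requested:
        return None
    if registered.lower() == requested.lower():
        return "letter case"
    if registered.rstrip("/") == requested.rstrip("/"):
        return "trailing slash"
    a, b = urlsplit(registered), urlsplit(requested)
    if a.scheme != b.scheme:
        return "scheme"
    if a.netloc != b.netloc:
        return "host or port"
    if a.path != b.path:
        return "path"
    if a.query != b.query:
        return "query string"
    return "other"

# Constructed registration used for a quick stand-alone run.
REGISTERED = ["https://app.example.com/callback"]

if __name__ == "__main__":
    for candidate in ("https://app.example.com/callback/",
                      "http://app.example.com/callback",
                      "https://app.example.com/callback?next=/home"):
        print(candidate, is_allowed(REGISTERED, candidate),
              near_miss(REGISTERED[0], candidate))
```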

Claims Tab

You use this tab to select the claims that are to be returned in the response to the client application. The table contains standard claims (those defined in MYOB Acumatica) and custom claims (those defined in the selected plug-in).

The table toolbar includes only standard buttons. For the list of standard buttons, see Table Toolbar.

Table 9. Table Columns
Column Description
Active A check box that indicates whether the claim should be returned in the response to the client application. By default, the check box is selected.
Claim Name The name of the claim.
Scope The scope that the claim belongs to.
Plug-In The plug-in in which the claim is defined. For a standard claim, the value is Built-in. For a custom claim, the value is taken from the Plug-In box of the form.