
Application Scope Violated error #659

Open
klaaskox opened this issue Sep 30, 2024 · 12 comments

Comments

@klaaskox

Hi,

We have been using this client for years (it's the best 🥇), but today we are not able to communicate with EO anymore. When reading or creating data we get "Application Scope Violated" errors. We did not change anything in our code. Has anyone experienced this before? What could cause this all of a sudden?

Thanks!

@cihanarik

cihanarik commented Sep 30, 2024 via email

@klaaskox (Author)

Authentication is done with client id / secret. Is it possible to check specific grants?

@Koenstell

We are seeing the same thing happening:

Picqer\Financials\Exact\ApiException

Error 403: Forbidden - Application Scope Violated. Cannot read 'organization.administration' scope. (Reason: > AppScopeViolated: Application Scope Violated. Cannot read 'organization.administration' scope.)

Nothing changed to our code, started happening out of the blue. Also no apparent issues with the API endpoint for that matter.

@klaaskox (Author)

Our problem was caused by a change on the ExactOnline side. App scopes have recently become mandatory for security reasons. For some reason we missed that announcement. You will have to do a data & security review in the exact online app store. Since we only use the app internally (and therefore not in the app store), you can also use an app under a developers license. In that case, the review is not necessary.

No idea if your problem has the same cause, but maybe this will help you.

@Koenstell

Thanks for your quick answer. Do you happen to have a reference to this announcement or change? Need to investigate how to deal with this.

@klaaskox (Author)

No I searched for the announcement, but could not find it. I found out about it by asking a question via the support section. They told me about it.

@klaaskox (Author)

I can send you the complete response they sent me (in Dutch).

@Koenstell

That would be great (I'm Dutch too, so that's fine).

@klaaskox (Author)

Subject
403 - Forbidden - Application Scope Violated

Description

Since today we have been receiving "403 - Forbidden - Application Scope Violated" errors on all requests we make to the API. The integration we use has worked without problems for years. Nothing has changed in the settings / users either. What could be causing this?

Solution

In September last year it was announced that all app scopes would become mandatory for security reasons. You also received an email about this last month. We are now in the period in which the scopes are being enforced.

Put the app side by side with the reference documentation and check which APIs and endpoints the app uses. The reference documentation lists which scopes belong to which endpoints. If you only make "GET" requests for a specific endpoint, you can set the scopes to "read". If you also send data via "POST", "PUT" or "DELETE", the scope must be set to "manage".

Follow these steps to go through the data and security review in the app store:

  1. Go to the app store via [partners > exact online app store > log in > exact online app store: log in].

  2. Click on your app and select the "Laten beoordelen" ("Have it reviewed") tab.

  3. Edit step 1: "Data & Security Review".

  4. Adjust the scopes as needed.

  5. Click "Verstuur" ("Send") at the top of the page.

The review will then be done shortly. Contact the supplier of the integration if the app is not registered under your own licence.

I hope this has given you enough information.

Have a nice day!

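Added example, not code from this thread or from the picqer/exact-php-client project: a small Python triage script that turns the rule in the support reply above (only GET on an endpoint = "read", any POST/PUT/DELETE = "manage") into a least-privilege scope plan, parses the 403 body quoted earlier in this thread to see which scopes enforcement is rejecting, and diffs the plan against what the OAuth2 app registration currently grants. The endpoint-to-scope mapping (HYPOTHETICAL_ENDPOINT_SCOPES), the word "manage" appearing in the error body, and the sample error lines are all constructed assumptions for this example; take the real endpoint-to-scope mapping from Exact's reference documentation.

```python
"""Scope-violation triage for an Exact Online integration (added example)."""
import re

# Pattern for the 403 body quoted earlier in this thread, e.g.
# "Application Scope Violated. Cannot read 'organization.administration' scope."
SCOPE_VIOLATION_RE = re.compile(
    r"Application Scope Violated\. Cannot (?P<action>\w+) '(?P<scope>[\w.]+)' scope"
)

# Rule from the support reply: GET-only endpoints need "read", everything
# else needs "manage". HEAD/OPTIONS treated as read-only here (assumption).
READ_ONLY_METHODS = {"GET", "HEAD", "OPTIONS"}
LEVEL_RANK = {"none": 0, "read": 1, "manage": 2}

# ASSUMPTION: these endpoint -> scope-group pairings are placeholders for the
# example only. The real mapping lives in Exact's reference documentation.
HYPOTHETICAL_ENDPOINT_SCOPES = {
    "/crm/Accounts": "crm.accounts",
    "/salesinvoice/SalesInvoices": "sales.invoices",
    "/system/Divisions": "organization.administration",
}

# Constructed sample error log (the "manage" variant is an assumption).
SAMPLE_ERRORS = [
    "Error 403: Forbidden - Application Scope Violated. Cannot read 'organization.administration' scope.",
    "Error 403: Forbidden - Application Scope Violated. Cannot manage 'sales.invoices' scope.",
    "Error 403: Forbidden - Application Scope Violated. Cannot read 'organization.administration' scope.",
    "Error 401: Unauthorized - access token expired",
]


def parse_scope_violation(message):
    """Return (action, scope) from an AppScopeViolated body, or None if unrelated."""
    m = SCOPE_VIOLATION_RE.search(message)
    if m is None:
        return None
    return m.group("action"), m.group("scope")


def summarize_violations(messages):
    """Map each rejected scope to the highest access level the errors asked for."""
    needed = {}
    for msg in messages:
        parsed = parse_scope_violation(msg)
        if parsed is None:
            continue
        action, scope = parsed
        level = "manage" if action == "manage" else "read"
        if LEVEL_RANK[level] > LEVEL_RANK[needed.get(scope, "none")]:
            needed[scope] = level
    return needed


def required_scopes(calls, endpoint_scopes=HYPOTHETICAL_ENDPOINT_SCOPES):
    """Least-privilege scope plan from the (method, endpoint) pairs the app uses."""
    plan = {}
    for method, endpoint in calls:
        group = endpoint_scopes.get(endpoint)
        if group is None:
            raise KeyError(f"no scope known for {endpoint}; check the reference docs")
        level = "read" if method.upper() in READ_ONLY_METHODS else "manage"
        if LEVEL_RANK[level] > LEVEL_RANK[plan.get(group, "none")]:
            plan[group] = level
    return plan


def scope_deficits(needed, granted):
    """Scope groups whose granted level is below the needed one: {group: (have, need)}."""
    return {
        group: (granted.get(group, "none"), level)
        for group, level in needed.items()
        if LEVEL_RANK[granted.get(group, "none")] < LEVEL_RANK[level]
    }


if __name__ == "__main__":
    calls = [("GET", "/crm/Accounts"),
             ("POST", "/salesinvoice/SalesInvoices"),
             ("GET", "/system/Divisions")]
    plan = required_scopes(calls)
    print("needed by the integration:", plan)
    print("rejected according to error log:", summarize_violations(SAMPLE_ERRORS))
    print("to raise in the app registration:",
          scope_deficits(plan, {"crm.accounts": "read"}))
```

Feed `required_scopes` the full inventory of calls the integration makes (one PUT on an endpoint is enough to force "manage" for its whole scope group) and compare the result with what the app's registration actually grants before re-submitting it for review; the error-log summary is only a lower bound, since enforcement reports one missing scope per failed request.
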
@Koenstell

Just to circle back here, it is indeed a matter of making sure the OAuth2 application that is configured in your account (the one you use to interact with the API) has access to the scopes you use.


In our case we had no access anymore to this application so we simply created a new one. Also, depending how you use it you don't need to put it up for review with Exact.

@remkobrenters (Collaborator)

@klaaskox can you confirm the answer of @Koenstell was sufficient and helped you resolve the scope issue?

@klaaskox (Author)

klaaskox commented Nov 8, 2024

@remkobrenters, yes, @Koenstell used the same solution as I did:

Our problem was caused by a change on the ExactOnline side. App scopes have recently become mandatory for security reasons. For some reason we missed that announcement. You will have to do a data & security review in the exact online app store. Since we only use the app internally (and therefore not in the app store), you can also use an app under a developers license. In that case, the review is not necessary.

No idea if your problem has the same cause, but maybe this will help you.
