salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0

API V8: Implementation of authorization code grant type flow missing #7854

Open HVStechnik opened 5 years ago

HVStechnik commented 5 years ago

Issue

The new API is brilliant! However, it so far lacks the authorization code grant type workflow. The deprecated v4 API following the OAuth1 workflow allowed for basic user authentication by requiring the user to log in to SuiteCRM. The new API currently only supports the client credentials and password grant types.

The underlying oauth2 server by thephpleague generally provides all grant types. It just is not yet implemented in SuiteCRM.

We use SuiteCRM as an authentication provider for a few other services. In order to switch to the new API, the authorization code grant type or, even better, OpenID Connect would be helpful.

Question: Are there any plans to include the authorization code grant type? If not, we're thinking about implementing it ourselves. Would SalesAgility be open to including the authorization code grant type in SuiteCRM if I create a corresponding PR?

I just do not want to start working on this if it is either already under development on your side or if there are any general or SuiteCRM-specific objections to the authorization code grant, such that it should not be implemented.

Many thanks!

Dillon-Brown commented 5 years ago

Hi @HVStechnik, taking a look at the V8 docs, it does indeed look like we only support the password and client credentials grants. The authorization grant type for V8 isn't currently being worked on from our side, but from asking around, we wouldn't have any issues accepting a PR that adds in this functionality.

HVStechnik commented 5 years ago

Hi @Dillon-Brown, thanks for the positive feedback. I'll start working on this and get back to you with a PR in a few weeks.