© 2023 DID. All Rights Reserved
footer image: Followers of God, by Dolores Puthod, 1978
Get In Touch
Address
via della Conciliazione, 5
00120 Vatican City
Email: Office and Human Fraternity Day
dialogo@interrel.va
humanfraternityday@interrel.va
Lexoffice.login Today
# Exchange data = "grant_type": "authorization_code", "code": auth_code, "redirect_uri": self.redirect_uri, "client_id": self.client_id, "code_verifier": self.code_verifier resp = requests.post(self.TOKEN_URL, data=data) resp.raise_for_status() tokens = resp.json() return tokens # contains access_token, refresh_token, expires_in
import hashlib import secrets import requests from urllib.parse import urlencode, urlparse, parse_qs class LexofficeLogin: AUTH_URL = "https://login.lexoffice.io/connect/authorize" TOKEN_URL = "https://login.lexoffice.io/connect/token" lexoffice.login
def _generate_pkce_pair(self): """Generate code_verifier and code_challenge (S256).""" self.code_verifier = secrets.token_urlsafe(64)[:128] code_challenge = hashlib.sha256(self.code_verifier.encode()).digest() # Base64url encode without padding code_challenge = secrets.token_urlsafe(32) # simplified; use proper base64url # For correctness, implement: import base64 code_challenge = base64.urlsafe_b64encode( hashlib.sha256(self.code_verifier.encode()).digest() ).decode().rstrip("=") return code_challenge Authentication
Future work could explore automated refresh token handling and background token refresh in SPAs using Web Workers. The principles outlined here are transferable to any OAuth2‑protected financial API. [1] lexoffice API Documentation. Authentication . Retrieved from https://developers.lexoffice.io/docs/#authentication [2] IETF RFC 6749 – The OAuth 2.0 Authorization Framework. [3] IETF RFC 7636 – Proof Key for Code Exchange (PKCE). [4] OWASP. OAuth 2.0 Security Cheat Sheet . [5] lexoffice OpenID Configuration – https://login.lexoffice.io/.well-known/openid-configuration Appendix – Full Token Response Example [4] OWASP
– lexoffice, OAuth 2.0, PKCE, API security, cloud accounting, single-page application (SPA), authentication flow. 1. Introduction lexoffice is a leading cloud accounting software for small and medium-sized enterprises (SMEs) in Germany. Its API (documented at https://developers.lexoffice.io ) enables automated invoice creation, contact management, and financial reporting. All API endpoints require authenticated access, governed by the lexoffice.login process.
def __init__(self, client_id, redirect_uri, scopes=None): self.client_id = client_id self.redirect_uri = redirect_uri self.scopes = scopes or ["openid", "profile", "invoice.read"] self.code_verifier = None self.state = None
