Planon SDK
The SDK supports both the authorization code flow with a public client and Proof Key for Code Exchange (PKCE), and the client credentials flow.
Which grant type is preferred depends on the type of integration required. For system-to-system integration, the client credentials grant is typically recommended. For an integration that requires (end-)user interaction, the authorization code flow is recommended.
To use the SDK with OIDC, configure your cloud environment via the Environment Management Gadget on the SSO tab and enable OpenID Connect for the SDK solution.
Additional Keycloak configuration is needed. To use the authorization code flow, add a public client with the settings described below:
Authorization code flow:
Client type: openid-connect
Client ID: “replace by a self-chosen name”
Client authentication: Off
Authentication flow: Standard flow
Root URL:
Valid redirect URIs: “url of the interface calling the sdk interface”
Proof Key for Code Exchange Code Challenge Method: Choose your preference and match with interfacing system (plain or S256)
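What the two code challenge methods in the settings above put into the authorization request, as an added example (not Planon's or Keycloak's own code): with plain the code verifier itself appears in the authorization URL, with S256 only its SHA-256 hash does. The host, realm, client ID and redirect URI are placeholder assumptions; the /protocol/openid-connect/auth path is Keycloak's standard authorization endpoint.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Assumed placeholders, not values from the Planon documentation.
AUTH_ENDPOINT = "https://sso.example.invalid/realms/example-realm/protocol/openid-connect/auth"
CLIENT_ID = "sdk-example-public"
REDIRECT_URI = "https://integration.example.invalid/callback"

def new_code_verifier() -> str:
    """Return a 43-character high-entropy verifier (RFC 7636, section 4.1)."""
    return secrets.token_urlsafe(32)

def code_challenge(verifier: str, method: str = "S256") -> str:
    """Derive the challenge that is sent in the authorization request."""
    if method == "S256":
        digest = hashlib.sha256(verifier.encode("ascii")).digest()
        return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    if method == "plain":
        return verifier  # the verifier itself travels in the front channel
    raise ValueError(f"unsupported code_challenge_method: {method}")

def authorization_url(verifier: str, state: str, method: str = "S256") -> str:
    """Build the front-channel request; method must match the client setting."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "code_challenge": code_challenge(verifier, method),
        "code_challenge_method": method,
    })

def server_accepts(verifier: str, stored_challenge: str, method: str) -> bool:
    """The comparison the authorization server makes when the code is redeemed."""
    return hmac.compare_digest(code_challenge(verifier, method), stored_challenge)

if __name__ == "__main__":
    v = new_code_verifier()
    for m in ("S256", "plain"):
        print(m, "verifier visible in URL:", v in authorization_url(v, "demo-state", m))
```

RFC 7636 requires clients that are capable of S256 to use it; plain gives no protection once the authorization request itself is exposed through logs, browser history or a referrer.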
For system-to-system authentication, the following template can be used.
Client credentials:
Client type: openid-connect
Client ID: “replace by a self-chosen name”
Client authentication: On
Authentication flow: Service accounts role
Root URL:
Valid redirect URIs: “url of the interface calling the sdk interface”
Proof Key for Code Exchange Code Challenge Method: Choose your preference and match with interfacing system (plain or S256)
When the client credentials flow is used, a service account user must be present in Planon.
Example: if the client name is sdk-example1, a user with account name service-account-sdk-example1 must be present and active within the Planon application.
To get access to the SDK service via OpenID Connect, take the following steps:
1. Retrieve an access token at the Authentication service via the client created in the installation steps.
2. Send the access token as a Bearer token to the Planon SDK service.