
PHP Code for OpenID Connect Authorization Code Flow with PKCE
€1.5k (approx. $1.7k)
- Posted:
- Proposals: 50
- Remote
- #4364537
- OPPORTUNITY
- Open for Proposals
Description
Experience Level: Expert
Hello,
We require an implementation of the REST APIs from the German accounting software manufacturer DATEV for our SaaS platform. You only need to implement a routine for handling authentication; we will implement all other endpoints ourselves.
The DATEV APIs are based on the OpenID Connect Authorization Code Flow with PKCE. You can find a description of DATEV's authentication guidelines here: https://developer.datev.de/en/guides/authentication. There you will also find an example implementation in .NET.
Your implementation must consider the entire authentication workflow, including redirects to a specified URI as well as checking the validity of tokens. Please add the additional parameter "enableWindowsSso=true" to the authorization request to enable Windows Single Sign-On. It should be possible to choose if you want to request short-lived refresh tokens with a validity of 11 hours or long-lived refresh tokens with a validity of 2 years by setting the additional scope "offline_access". The long-lived refresh token remains valid for 2 years each time it is renewed, so it must be renewed occasionally to prevent it from expiring. A function for revoking tokens must be implemented. Furthermore, there must be a function to query and display all fields from the UserInfo endpoint. From the user's perspective, all functions must run entirely in the browser.
We have the following requirements for the implementation:
- Use of PHP 8.4
- It would be great if the integration of external libraries could be avoided and everything is implemented using raw cURL calls. However, if you want to use external libraries, they must be fully compatible with PHP 8.4 and the IIS web server. Please discuss with us which libraries you would like to use before starting development.
- No sessions or cookies should be used. The tokens must be stored in a database. However, you do not need to implement code for loading and saving data in the database; we will do this ourselves. It is fine if you implement a very simple file-based loading and saving instead. We will then replace this code with the database routines.
- We cannot provide parts of our application or access to our servers. We also cannot provide credentials for DATEV for testing.
You should meet the following requirements:
- Very good PHP skills
- Experience with OpenID Connect Authorization Code Flow with PKCE
- Ideally, experience with the DATEV APIs
We are happy to answer any questions you may have.

Ben K.
100% (12)
Projects Completed: 11
Freelancers worked with: 9
Projects awarded: 35%
Last project: 29 May 2023
Germany
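
An added example, not part of the original posting or of DATEV's documentation: one way the authorization request described above could be built in PHP without sessions or cookies, keeping the PKCE verifier and nonce in a simple file store keyed by `state`. The endpoint, client ID, redirect URI, the `openid` base scope, the file layout and the function names are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Placeholders (assumptions): take the real values from the provider's documentation.
const AUTHORIZE_ENDPOINT = 'https://idp.example/authorize';
const CLIENT_ID          = 'YOUR_CLIENT_ID';
const REDIRECT_URI       = 'https://app.example/callback.php';
const PENDING_TTL        = 600; // seconds a started login stays redeemable

function base64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Build the authorization URL and persist the PKCE verifier, keyed by state. */
function startAuthorization(bool $longLived, string $storeDir): string
{
    $verifier = base64url(random_bytes(32));   // 43 characters, within RFC 7636 limits
    $state    = bin2hex(random_bytes(16));     // 32 hex characters, unguessable
    $nonce    = bin2hex(random_bytes(16));
    $pending  = ['verifier' => $verifier, 'nonce' => $nonce, 'created' => time()];
    file_put_contents("$storeDir/$state.json", json_encode($pending), LOCK_EX);
    return AUTHORIZE_ENDPOINT . '?' . http_build_query([
        'response_type'         => 'code',
        'client_id'             => CLIENT_ID,
        'redirect_uri'          => REDIRECT_URI,
        'scope'                 => $longLived ? 'openid offline_access' : 'openid',
        'state'                 => $state,
        'nonce'                 => $nonce,
        'code_challenge'        => base64url(hash('sha256', $verifier, true)),
        'code_challenge_method' => 'S256',
        'enableWindowsSso'      => 'true',
    ], '', '&', PHP_QUERY_RFC3986);
}

/** Callback side: return the stored verifier/nonce for a state exactly once, or null. */
function consumePending(string $state, string $storeDir): ?array
{
    if (preg_match('/\A[0-9a-f]{32}\z/', $state) !== 1) {
        return null;                           // malformed state; also blocks path traversal
    }
    $file = "$storeDir/$state.json";
    $json = @file_get_contents($file);
    if ($json === false || !@unlink($file)) {
        return null;                           // unknown state, or already consumed
    }
    $pending = json_decode($json, true);
    $fresh   = is_array($pending) && time() - ($pending['created'] ?? 0) <= PENDING_TTL;
    return $fresh ? $pending : null;
}
```

The callback sends the returned `verifier` as `code_verifier` in the token request and compares the returned `nonce` with the `nonce` claim of the ID token. The store directory must lie outside the web root.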
Clarification Board
Hi Ben,
Could you confirm if the PHP 8.4 implementation should strictly avoid any front-end frameworks (e.g., JavaScript libraries) or if basic front-end scripting for redirects/token handling is acceptable?
Do you want access token encryption at rest? Or will DB take care of security?