Invantive TOTP method broken with Exact Online

Dear Team from Invantive,
It seems that the change of method on the login in EOL has broken the TOTP :-((( described here Circumvent two-step verification and refresh tokens on Exact Online using Data Hub

Exact now requires a 2-page-step login+password followed by TOTP.

Now my QueryTool seems lost… the TOTP is not filled like before.

Thanks for your help

It is recommended to register your own client ID as instructed on Registratie Exact Online app voor gebruik met Invantive Control for Excel (only in Dutch, I am sorry). Essentially, this enables use of your own Exact Online app.

Further, you will need to upgrade to a recent 20.2 production release, such as 20.2.27 or newer, as found on https://releasenotes.invantive.com.

That will solve the log on issue.

For the near future, Exact and Invantive will change their partnership to provide large accounting firms and customers in general with more flexibility while maintaining our view on how to best implement security according to ISO 2700[12] and the OAuth standard.

Thanks @gls
I had the OAuth method since July 2021 … but… since Exact requires exact continuity between refresh tokens as described here Exact Online error message: Old refresh token used I am using OAuth across multiple Invantive products (QueryTool and Data Hub for me) AND also multiple Exact databases (=multiple EOL divisions)

I moved to TOTP because of the above described error.

Am I wrong?

I am using Beta 20.1.537.

Ok, PROD 20.2.27 works with the new Exact login logic & TOTP.

Then I’m lost.

I thought that Invantive BETA releases were always more advanced than PROD ones.

Although the numbering always seemed strange to me (prod 20.2 > beta 20.1)
now PROD 20.2.27 vs BETA 20.1.537

thanks for your insight on this numbering question…

Yes, TOTP logic is recommended when running on secured hardware and when needing to connect from multiple devices, such as cluster configurations or even devices located across Europe.

The version numbering convention for the last years has been:

  • Versions follow MAJOR.MINOR.BUILD.
  • Build increments continuously.
  • Minor numbers increment continuously and reset to 0 on an increment of version.
  • Odd numbers as minor version are non-production, even numbers for minor version are production.
  • The major version typically reflects the year of publish, but can be different.

Update TOTP/Exact Refresh Token November 2021

Using Implicit Grant Flow with TOTP-secret is still recommended when you cannot guarantee that all uses are not in parallel or at least 10 minutes apart. The 10 minutes interval between runs is necessary due to the new requirement that an access token may not be acquired more often than once every 9,5 minutes.

To reduce the number of uses of the TOTP-secret, you may want to include the client secret of your Exact Online app in settings*.xml by assigning it to the connection string attribute api-client-secret. For more information on the settings XML file format consult the article Settings.xml XML-format for virtual SQL databases.

This enables - when possible - the Invantive software to use Code Grant Flow with improved runtime performance. When multiple processes are run at the same time, the software will revert to Implicit Grant Flow automatically.

The data container setting to automatically enter the verification code on program start, switch to Code Grant Flow and then continue use of Code Grant Flow as long as possible will then resemble:

      <database
       order="10"
       alias="eol"
       provider="ExactOnlineAll"
       userLogonCodeMode="Hidden"
       passwordMode="Hidden"
       defaultUserLogonCode="invantive1"
       defaultPassword="secret"
       connectionString="api-url=https://start.exactonline.nl;api-client-id=GUID_VALUE;api-client-secret=ANOTHER_SECRET;api-redirect-url=https://URL;totp-secret=TOTP_SECRET"
       AllowConnectionStringRewrite="false"
      />
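
Added example, not part of the original thread and not Invantive code: a small Python audit of a `<database>` element like the one above. It reports whether the element enables automatic verification code entry and Code Grant Flow, which secrets it stores, and a redacted connection string that is safe to log. The sample XML is constructed with placeholder values; the names `parse_connection_string` and `audit_database` and the `;`/first-`=` splitting rule are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <database> element above; every value is a placeholder.
SAMPLE_XML = """<database alias="eol" provider="ExactOnlineAll"
 defaultUserLogonCode="invantive1" defaultPassword="secret"
 connectionString="api-url=https://start.exactonline.nl;api-client-id=GUID_VALUE;api-client-secret=ANOTHER_SECRET;api-redirect-url=https://URL;totp-secret=TOTPSECRETPLACEHOLDER=="
 AllowConnectionStringRewrite="false" />"""

SECRET_KEYS = ("api-client-secret", "totp-secret")  # connection string keys named in the post


def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict.

    Assumption: ';' separates pairs and only the first '=' separates key from
    value, so a base32 TOTP secret ending in '=' padding is kept whole.
    """
    pairs = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        key, sep, val = part.partition("=")
        if not sep or not key:
            raise ValueError("malformed connection string pair: %r" % part)
        pairs[key.strip().lower()] = val.strip()
    return pairs


def audit_database(xml_text):
    """Report what one <database> element enables and which secrets it stores."""
    element = ET.fromstring(xml_text)
    conn = parse_connection_string(element.get("connectionString", ""))
    stored = [k for k in SECRET_KEYS if conn.get(k)]
    if element.get("defaultPassword"):
        stored.append("defaultPassword")
    redacted = ";".join(
        "%s=%s" % (k, "***" if k in SECRET_KEYS else v) for k, v in conn.items()
    )
    return {
        "alias": element.get("alias"),
        "auto_verification_code": "totp-secret" in stored,
        "code_grant_possible": "api-client-secret" in stored,
        # Password and TOTP secret together: the file alone is enough to log on.
        "both_factors_in_file": {"defaultPassword", "totp-secret"} <= set(stored),
        "stored_secrets": sorted(stored),
        "redacted_connection_string": redacted,
    }


if __name__ == "__main__":
    for name, value in audit_database(SAMPLE_XML).items():
        print("%-28s %s" % (name, value))
```

When `both_factors_in_file` is true, access control on the settings file and on the host that holds it is what protects the Exact Online account.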