UK specific: MTD - Making Tax Digital
David Goodenough
david.goodenough at linkchoose.co.uk
Mon Apr 17 14:25:09 EDT 2017
On Monday, 17 April 2017 16:39:02 BST Alain Williams wrote:
> On Mon, Apr 17, 2017 at 04:00:20PM +0100, David Goodenough wrote:
> > Apparently they have effectively locked out open source software as there
> > is a per application (i.e. there would be one just for GnuCash) "secret"
> > that is used during the OAuth2 login. Keeping that value secret is not
> > possible in open source (closed source just hard code it into their code)
> > so effectively open source can not be used.
>
> Do you have a reference for that ?
I did a google search for I think "HMRC MTD api", and found a page for
application developers which talked about OAuth2 and the use of an ID for the
application and its secret. I sent a question to HMRC and got an answer from
first level saying they had escalated it - that was over a week ago and I have
yet to receive a reply. The question I asked was if they had any guidance as
to how Open Source code should handle the secret.
The URL is:-
https://developer.service.hmrc.gov.uk/api-documentation/docs/tutorials#app-restricted
David
>
> With all of the fuss that the UK gov't is making about open source it would
> be interesting to see them justify that.
>
> How long before someone extracts/dumps-to-the-web the secret for a few
> popular applications like Sage ? Mind you: sage would love it - once the
> secret is invalidated they get to charge everyone who has bought a copy for
> the new version.
>
> How about a shim for a small binary executable - does its bit and gets out
> of the way ? I know that it is not ideal, but might be a pragmatic
> solution.
More information about the gnucash-user
mailing list