[GNC] UK specific: any progress on MTD (Making Tax Difficult) ?

BobBriscoe bob at homefarmparham.co.uk
Fri Jan 4 10:47:42 EST 2019 

David Goodenough-2 wrote
> The problem is that GC needs to be allocated a program ID which we have to
> keep secret, 
> but needs to be issued to any user.  No ID and GC users can not go through
> the OAuth2 
> process every 18 months.
> 
> GC could put the code on a web site and have the GC code retrieve it,
> which is the cabinet 
> office solution to the problem, but given that the code to retreive it
> would be open source 
> GC would have no control over how the code was used.  If HMRC decide that
> someone 
> using the GC code is messing with their systems then they would ban that
> code and thus 
> all legitimate GC users.

I read through the  MTD (VAT) API documentation
<https://developer.service.hmrc.gov.uk/api-documentation/docs/api/service/vat-api/1.0#_submit-vat-return-for-period_post_accordion>  
yesterday, and although the API itself looks relatively straightforward, I
agree that the Authorization aspect is the hard part if you are not used to
writing this type of application.

By my reading of  HMRC's OAuth 2.0 documentation
<https://developer.service.hmrc.gov.uk/api-documentation/docs/authorisation/user-restricted-endpoints> 
, the client_id (which I assume is what you mean by a program ID) is not a
secret, it's merely a unique identifier for the application. It looks like
communication with the app uses i) a URI for the app (which can be local);
ii) the client_id to ensure it is talking to the right type of app; and iii)
an optional state variable that the app can generate to distinguish
different interactions.

The basic idea seems to be that your software is expected to be able to make
the HMRC's login page visible to the user, and give a redirect URI so that,
once the user has logged in, the HMRC server can return a code to the
original calling app at this URI. The original app then has 10 minutes to
POST this code to HMRC's token endpoint to get back an access token that it
can use against the MTD (VAT) API for the next 4 hours before having to
refresh it. Caveat: I haven't tried it yet.

I'm not planning on using GnuCash, but I'm considering writing bridging
software from LibreOffice calc, and I came across this thread while
searching for MTD solutions that will work on Linux. I don't really want to
spend my time on this, but I might have to, given I do the accounting for
two small VAT-registered businesses.


Bob



--
Sent from: http://gnucash.1415818.n4.nabble.com/GnuCash-User-f1415819.html

More information about the gnucash-user mailing list