"Login mit DATEV" allows to register and log in with their usual access medium such as SmartCard, SmartLogin or DATEV Kommserver. The user logs in to DATEV and agrees that their profile information may be used on the vendor's website. In addition, the user can transfer data released for him in the DATEV ecosystem, such as e-mail address or name, to the manufacturer's website for use.
The (regular) workflow is shown below. The interface requirements are listed separately by sandbox and production level.
API WORKFLOW
- Logon and authentication via an access medium
- Query account id and other data
- Linking the accounts of the software companies with the DATEV Account-Id
- Logout
ONLINE API & ENDPOINTS for SANDBOX
.The appropriate endpoints for the sandbox can be queried directly via openid-configuration.
https://login.datev.de/openidsandbox/.well-known/openid-configuration Logon and authentication via an access medium
. Authentication must be implemented according to http://www.datev.de/go/oauth-openidconnect. Here, in addition to SmartCard and SmartLogin, the DATEV Kommserver must also be supported. As scopes account_id and profile must be used, the scope email can be used.https://sandbox-api.datev.de/userinfoMUST: Show that the login works with a smart card.MUST: Show that login works with a SmartLogin.SHOULD: Show that the login works with a DID and the DATEV Kommserver.MUST: The Authorize-Request must contain enableWindowsSso=true.
Challenges:
- Consultant logs in with unknown medium.
MUST: The logos comply with the design specification.Linking the software companies accounts to the DATEV account id.
The manufacturer maps the different access media to one account, so it does not matter which medium the user uses to log in.
MUST: The vendor shows that logging in via two different media leads to logging into the same account in the vendor's applicationLogout
The vendor must implement a way for the user to log out using the revoke endpoint.
https://sandbox-api.datev.de/revokeMUST: Show a successful logoff in the interface.ONLINE API & ENDPOINTS for PRODUCTION
.The appropriate endpoints for the sandbox can be queried directly via openid-configuration.
https://login.datev.de/openid/.well-known/openid-configuration Logon and authentication via an access medium
. Authentication must be implemented according to http://www.datev.de/go/oauth-openidconnect. Here, in addition to SmartCard and SmartLogin, the DATEV Kommserver must also be supported. As scopes account_id and profile must be used, the scope email can be used.https://api.datev.de/userinfoMUST: Show that the login is working with a smart card.MUST: Show that the login works with a SmartLogin.SHOULD: Show that the login works with a DID and the DATEV Kommserver.MUST: The Authorize-Request must contain enableWindowsSso=true.
Challenges:
- Consultant logs in with unknown medium.
MUST: The logos comply with the design specification.Linking the software companies accounts to the DATEV account id.
The manufacturer maps the different access media to one account, so it does not matter which medium the user uses to log in.
MUST: Show that logging in via two different mediums results in logging into the same account in the vendor's applicationLogout
The vendor must implement a way for the user to log out using the revoke endpoint.
https://api.datev.de/revokeMUST: Show a successful logoff in the interface.MUST: Show that the token has been removed from https://apps.datev.de/tokrevui.CHANGELOG
version |
Date |
Changes |
|---|---|---|
| 1.0 | 28/08/2023 | First release |