Skip to Content

DW Authentication

by
Odoo
v 19.0 Third Party 9
Download for v 19.0 Deploy on Odoo.sh
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 2943
Technical Name docuware_authentication
LicenseLGPL-3
Websitehttps://www.codebar.ch
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 2943
Technical Name docuware_authentication
LicenseLGPL-3
Websitehttps://www.codebar.ch

DocuWare Authentication

Connect Odoo 19 to DocuWare with OAuth2, token handling, REST API access, and an audit log.

codebar Solutions AG

DocuWare Authentication is the connection layer for the DocuWare connector family. It owns tenant connections, OAuth2 authorization, access & refresh token storage, the shared REST client, and an immutable audit log — so business-level connectors (Master Data, Accounting Import) can stay focused on data. It does not push or pull business data on its own; install it together with one or more companion modules to move data between Odoo and DocuWare.

Free — LGPL-3.0. Required by every other DocuWare connector module from codebar Solutions AG.

At a glance

  • OAuth2 Authorization Code with refresh tokens — works with DocuWare Cloud and on-prem tenants.
  • Identity Service auto-discovery — you paste the platform URL, the module finds the rest.
  • Tokens and client secret are gated to system administrators at the field level.
  • Immutable connection audit log with configurable retention (default 90 days).
  • Shared file-cabinet, dialog and index-field cache that other DocuWare modules reuse.
  • Optional Sentry telemetry — off by default, fully opt-in, your DSN.

Who this is for

  • Odoo 19 administrators connecting their database to a DocuWare tenant for the first time.
  • Teams about to install DW Master Data or DW Accounting Import — this is the prerequisite.
  • Auditors and security reviewers who want an immutable, redacted log of every connection event.
  • Multi-company Odoo deployments where each company needs its own DocuWare tenant.

Key features

OAuth2 with auto-discovery

Authorization Code with refresh tokens — the only flow DocuWare Cloud reliably exposes for the docuware.platform scope. Authorization and token URLs are auto-discovered from the DocuWare Identity Service’s OpenID configuration; no manual entry. Refresh tokens are serialized with an advisory lock so concurrent jobs never race.

Secrets gated to administrators

Access tokens, refresh tokens, and the OAuth client secret are restricted to base.group_system at the field level. Regular DocuWare users can authorize a connection and use it, but never see the secret material itself.

Immutable audit log

Every connection event — OAuth start, callback success or failure, token refresh, sync probe — lands in dw.log. Records cannot be edited or deleted from the UI, payloads are PII-redacted before storage, and a daily cron prunes entries older than the configured retention window (default 90 days, adjustable in settings).

Shared cabinet & dialog cache

Once the connection is authorized, clicking Sync caches the tenant’s file cabinets, dialogs, index fields, and Index Table column metadata. Master Data and Accounting Import reuse this cache to populate their cabinet/field pickers — one fetch, every connector benefits.

Optional async execution

If OCA queue_job is installed and a worker is running, connection probes and token refreshes run on the root.docuware channel. Without it, they execute inline in the request thread — fine for small deployments.

How it works

  1. Register a Web (Authorization Code) application in DocuWare Identity. Redirect URI: <your-odoo-base-url>/docuware/oauth/callback. Scopes: docuware.platform openid dwprofile offline_access.
  2. In Odoo, set web.base.url to your full external URL so DocuWare can reach the OAuth callback at /docuware/oauth/callback.
  3. Create a record under DocuWare → Connections: name, Platform URL (e.g. https://yourorg.docuware.cloud), Client ID and Client Secret. Save — the OAuth authorization and token URLs are auto-discovered on first authorize and cached on the record.
  4. Click Authorize, sign in once on DocuWare, and Odoo persists the refresh token.
  5. Click Sync to enqueue a probe job that verifies the connection and caches the tenant’s cabinets and dialogs for downstream connector modules.

The DocuWare connector family

Three modules from codebar Solutions AG, designed to layer. You are looking at the foundation — the OAuth and REST plumbing the other two consume.

Module Direction Role
DW Authentication — you are here Foundation OAuth, REST client, audit log, shared schema cache.
DW Master Data Odoo → DocuWare Push contacts, accounts, taxes & any Odoo model as indexed records.
DW Accounting Import DocuWare → Odoo Create vendor bills & credit notes from DocuWare documents.

Scope — what this module does and doesn’t do

This module is a connection and audit layer. It handles tenant credentials, OAuth, the REST client, and the shared schema cache — nothing else. To move business data, install one of the companion modules.

  • Does not push records to DocuWare. For Odoo → DocuWare synchronization (contacts, chart of accounts, taxes, journals, custom models), install DW Master Data.
  • Does not import documents into Odoo. For DocuWare → Odoo vendor-bill import with header, line-table mapping and writeback, install DW Accounting Import.
  • OAuth flow: Authorization Code with refresh tokens only. PKCE and the client-credentials grant are not supported — DocuWare Cloud does not reliably expose them for the docuware.platform scope.
  • The Sync button is a connection probe — it verifies credentials and refreshes the cabinet cache. It does not synchronize business data on its own.
  • Each connection is single-tenant. One dw.connection record points at one DocuWare organization. Multi-tenant deployments use multiple connection records.

Requirements

  • Odoo: 19.0
  • Python: requests (declared as an external dependency)
  • Odoo modules: base, mail, web. OCA queue_job is an optional soft dependency: install it with a running worker for asynchronous execution; without it, jobs run inline in the request thread.
  • A DocuWare tenant with the Identity Service enabled.

Permissions

  • docuware_authentication.group_docuware_authentication — full CRUD on dw.connection; read access on dw.log; full CRUD on the cabinet, dialog and index-field schema cache used by downstream modules.
  • base.group_system — the only group that can read OAuth secrets and tokens (orthogonal, enforced at the field level).
  • Company isolation rules restrict each user to connections and log entries from their own company.

Privacy & telemetry

Sentry telemetry is off by default. It activates only when an administrator pastes a Sentry DSN under Settings → DocuWare → Telemetry and saves. Configuration is per database, stored as ir.config_parameter records. There are no environment variables to set and nothing is sent on a fresh install.

The sentry-sdk library is an optional dependency: it is not installed with this module. To forward events to Sentry, install it in Odoo’s Python environment (pip install sentry-sdk), restart Odoo, then configure the DSN. The telemetry screen shows whether the SDK is installed; without it, nothing is sent.

What is sent when telemetry is active

  • Unhandled exceptions raised inside the connector.
  • DocuWare sync errors with stack traces and error messages.
  • Connection identifiers and sync metadata.
  • IP addresses and user identifiers only when the “Send PII” toggle is explicitly enabled.

OAuth tokens, refresh tokens, and client secrets are never sent. Sensitive keys are redacted from exception context before transmission.

Where it goes

Events are forwarded to the Sentry project that you control via the DSN you paste. codebar Solutions AG receives nothing unless you point the DSN at one of our projects.

The companion modules DW Master Data and DW Accounting Import share this single telemetry surface and forward no additional data.

Setup walkthrough

Assign access, optional telemetry, authorize the connection, then use DocuWare → Connections and the sync log.

User access rights

Grant DocuWare Authentication / companion groups under Settings → Users as needed.

Odoo user form: access rights for DocuWare Authentication and Master Data

Telemetry (optional)

Settings → DocuWare → Telemetry — off until you save a DSN.

DocuWare settings: optional Sentry telemetry

Authorize connection

Start OAuth from the connection form.

DocuWare connection: Authorize action

DocuWare sign-in

DocuWare Identity sign-in during authorization

Authorized

After login, the connection holds a refresh token (secrets remain admin-only).

Connection form after successful authorization

Connections

DocuWare Connections list

Sync log

DocuWare sync log entries

License & support

Released under LGPL-3.0-or-later .

Built and maintained by codebar Solutions AG. Support: helpdesk@codebar.ch.

Privacy: see codebar.ch for our data protection notice.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Please choose a rating from 1 to 5 for this module.