Published at: 2025-10-30

1.4 Integration Case: ShareCRM Tasks OA with Weaver

Pan-Wei OA To-Do Integration Single Sign-On Guide

  1. Integration outcome

When a CRM user submits a workflow to an approver node, the system pushes a to-do item to the approver’s OA system to-do list. When the approver clicks that item in the OA system, it automatically redirects to the workflow approval page in ShareCRM.

  1. OA-side prerequisites

The OA vendor must enable the OAuth 2.0 authentication module and the workflow to-do integration module. Both are non-standard OA modules and require the customer to purchase/enable them from the OA vendor.

  1. Integration environment requirements

The customer’s OA system must be accessible from the public internet and provide a test instance for integration development and testing.

Pan-Wei OAuth 2.0 Configuration

  1. Backend Application Center -> Integration Center -> Unified Authentication Center -> Authentication Service Management -> OAuth2 Authentication: enable this setting.

image

  1. Backend Application Center -> Integration Center -> Unified Authentication Center -> Authentication Service Management -> Authentication Application Management

Click Register. Select OAUTH2 as the authentication method, give the application a name, and set the business system URL to https://wwww.fxiaoke.com. Choose employee number for account mapping rule, then save.

image

  1. Backend Application Center -> Integration Center -> Feature Integration -> Unified To-Do Center Settings

Click Register and enter the integration application information. For the PC URL, use the OA unified authentication authorize endpoint plus client_id, response_type and redirect_uri pointing to the CRM authorization endpoint. Example:

http://www.yumin.ltd:9090/sso/oauth2.0/authorize?client_id=39b2e3359e&response_type=code&redirect_uri=https://www.fxiaoke.com/erp/syncdata/open/oa/authorize/common

client_id is the application identifier created in the previous step. Set personnel conversion rule to employee number. Enable automatic creation of flow types and turn on the switches: edit flow type, receive flow data, show on PC, show on mobile. On the second page (Flow Types), add the flow types to be integrated and enable reception.

image

CRM-side OA To-Do Connector Configuration

  1. Go to the connector settings and perform initial setup following the Integration Platform OA connector handbook. Fill in the required parameters:

https://help.fxiaoke.com/9bfb/c68f/c553/f900

image

  1. Configure scenario parameters: set up the to-do message parameters as needed. syscode is the to-do integration system identifier required by the OA to-do API — set this value in step 3. Other parameters should use CRM placeholders. The to-do message push URL will be provided by the OA vendor.

image

  1. To-do custom function: use this to dynamically construct to-do message parameters when default CRM placeholders do not meet requirements. Typical uses: transform workflow names, handle date/time formatting, etc. Refer to the Integration Platform handbook for implementation examples.

image

  1. In connector settings, bind accounts according to the Integration Platform OA connector handbook. Because the OA-side mapping uses employee number, bind CRM accounts using employee number.

image

OA Single Sign-On (SSO) Integration Overview

  1. SSO authentication function

Configure the SSO function from the extension button next to the New button on the account binding page. This function enables SSO when a user in OA clicks a to-do item that redirects to ShareCRM.

image

  1. SSO flow explanation

When the OA user clicks a to-do item that redirects to the CRM authorization URL, OA includes a temporary ticket in the request parameters. The SSO function takes this ticket, calls the OA Unified Authentication Center access token endpoint to obtain an access token, then calls the OA Unified Authentication Center profile endpoint with that token to retrieve employee information. The function returns the employee number from the profile. If the returned employee number matches the employee number bound in CRM account binding, SSO succeeds and the user is logged into ShareCRM.

Code examples:

// Pan-Wei OA API base URL - required private static String PREFIX_URL=”http://www.yumin.ltd:43410/” // Application ID - required (OA authentication application identifier) private static String CLIENTID=”39b2e3be-b4ca-4e7a259e” // Application secret - required (OA authentication application secret) private static String CLIENTSECRET=”slatwgyHoIGWRd36p” // ShareCRM callback URL - required private static String redirect_uri = “https://www.fxiaoke.com/oauth/sp/callback”

accessToken retrieval (can be wrapped as utility):

public static Map accessToken(String code){ log.info(“———-getting access_token———————————”) String final_url=PREFIX_URL+”sso/oauth2.0/accessToken?client_id=”+CLIENTID+”&client_secret=”+CLIENTSECRET+”&code=”+code+”&grant_type=authorization_code&redirect_uri=”+redirect_uri log.info(“Auth URL:”+final_url) Map returnMap= OAuthUtils.post(final_url,[:],[:]) return returnMap } public static String getAccessToken(String code ) { log.info(“code:”+code) log.info(“———–OAuth authorization—————————–”) Map accessTokenMap=accessToken(code) if(accessTokenMap.containsKey(“access_token”)){ return accessTokenMap.access_token as String } return null
}

Third-party OA user info retrieval (can be wrapped as utility):

public static Integer openId2userId(String accessToken) { HttpResult o = (HttpResult) http.get(PREFIX_URL+”sso/oauth2.0/profile?access_token=”+accessToken, [“access_token”: accessToken]).getData(); String user = o.content[“attributes”][“loginid”].toString(); // Query Personnel object by the third-party user info; recommend using a custom field QueryResult data = (QueryResult) object.find(“PersonnelObj”, [[“employee_number”: user]],2,0).getData() List<Map> dataList = data.dataList // If user lookup fails, return error // You may also create a Personnel record here and set binding fields if (dataList.size() <= 0) { message.throwErrorMessage(“Cannot find matching user, user:” + user) } if (dataList.size() > 1) { message.throwErrorMessage(“Multiple matching users found, user:” + user) } // Return the employee_number field from the Personnel record for login usage return dataList[0][“employee_number”].toString() as Integer }

SSO authentication function (example):

String url = syncArg[“oaConnectParam”][“ssoAuthUrl”] as String;

log.info(“url:”+url)

String ticket = syncArg[“params”][“requestParams”][“ticket”] as String;

log.info(“ticket:”+ticket);

// Tenant temporary authorization mode; if other modes apply, consult third-party docs

String token = Tools.getAccessToken(ticket);

log.info(token);

// From Personnel record, get ShareCRM userId

Integer userId = Tools.openId2userId(token);

log.info(userId);

syncArg.put(“oaUser”,userId);// Always return third-party account under key “oaUser”

log.info(“syncArg:”+Fx.json.toJson(syncArg));

return syncArg;

Submit Feedback
Previous
1.3 [ShareCRM Task OA] Huawei WeLink Integration Case Study
Next
2.1 Configuration Guide for WeCom/Feishu/DingTalk/Lark Account Binding Rules