GTK GUI: Integrating with online banking

Hi,

Did anyone create a plugin for the GTK client to integrate an external online banking tool like AqBanking? I imagine something like GnuCash does, see picture. Anyhow, I would appreciate different implementations, too :slight_smile:

More about AqBanking in GnuCash:
https://wiki.gnucash.org/wiki/Online_Banking

In more detail: I want a menu-entry (or some other trigger) to start this process:

  • export the tasks (wire transfer, direct debits) for the bank
  • start the banking application and make it
    • upload the tasks to the bank
    • download bank statements
  • import the bank statements into Tryton

I don’t want this to be a server module for several reasons:

  • The solution should be acceptable even in hosted environments — in which case the threat model includes server breaches and misuse by personnel. Thus the banking PIN shall not go to the Tryton server to limit the damage caused by a potential breach.
  • Authentication to the bank might require more interaction than just entering the PIN. (At least in Germany you need to re-authenticate using 2FA every 90 days or so.) Given there are already banking applications providing everything (including a GUI), I’d prefer to reuse these instead of implementing another interaction communication — which would require extensions to the Tryton Client, too.

In Tryton we have several account_statement modules used to download transactions from banks. I guess you can create one with AqBanking if it is useful.

Then you will post all your bank moves using the account_statement functionalities.

This way it will be available for both GTK and web interfaces.

Are you sure? account_statement_aeb43, account_statement_code and account_statement_ofx are documented to „implement the import of the“ respective file as statement.

I’m not seeking the import functionality, but the integration of the external banking tool into the GUI. So the user doesn’t need to change tools, download a file, upload it into Tryton. This is silly work a computer can do faster and less error-prone.

Communicating with the bank requires interactive authentication, which means, GUI interaction. I can’t see how a server module could provide this.

Of course current solutions just import a file, but if you have a way to just import the data directly without a file we should just use the same wizard and just download the right data.

Sincerely, I do not know how the functionality you presented works and you did not explain. So we cannot think how to design the same alternative.

But as far as there is some API to pull the data, I do not see why it should be done from the GUI.

I connected to willuhn.de :: home of jameica & hibiscus - you can run a webserver in hibiscus and read the data via rpc.

I detailed the explanation of what I’m seeking in the original posting.

Interesting. Did I understand this correctly: Hibiscus is running on the Server and your Tryton desktop client plugin communicates with it using RPC. How do you handle 2FA then? E.g. the „flicker code“ used in chipTAN?

Do you mean a server might be less safe than a workstation?
The industry usually considers the opposite.
Or I may have misunderstood.

I mean the server might be less trustworthy than the workstation since it belongs to a third party (the service provider). „Access by unauthorized personnel“ (of the provider) is the threat I want to avoid.

You are in a very specific situation though.
You should never use a SaaS service if you don’t trust the host more than yourself.
Self-hosting is the only way but you have to be in a protected building at least.
There is nothing weaker in an infrastructure than the user’s device. No browser and no mail client is a minimum.

Yes - I read the done transactions and write “Stapelbuchungen” to Hibiscus. This is recorded in Tryton - but you have to confirm in Hibiscus. All the Auth/Confirm is done in Hibiscus - it would be far too time-consuming to recreate this in tryton.

The only thing that can happen is that someone forgets to confirm the daily bookings in Hibiscus. But since these are also marked as pending there and Hibiscus is often used, this never happens. In addition, I find it quite practical that the bookings from Tryton can be initialised by almost anyone but can only be executed by a person with bank access.