I'm building a React-Node application to access QuickBooks APIs, and my first step is to set up the authorisation flow from my Node backend, using the intuit-oauth library.
I'm using the OAuth2.0-demo-nodejs sample app as my template (https://github.com/IntuitDeveloper/OAuth2.0-demo-nodejs).
So the first step is to create an authorisation request. Instead of building UI where users enter their details, I've hardcoded in my app's keys:
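    const OAuthClient = require("intuit-oauth");

    // Shared with the /callback handler, which exchanges the code on this same client
    let oauthClient = null;

    app.get("/authUri", urlencodedParser, (req, res) => {
      oauthClient = new OAuthClient({
        clientId: "*****",
        clientSecret: "*****",
        environment: "sandbox",
        redirectUri: "http://localhost:8000/callback",
      });
      // Build the URL of the authorisation page the user has to visit
      const authUri = oauthClient.authorizeUri({
        scope: [OAuthClient.scopes.Accounting],
        state: "intuit-test",
      });
      res.send(`this is authUri: ${authUri}`);
    });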
This code is working as it should and is returning authUri. However, what to do next is confusing me. The documentation says that I should receive back an authorisation code which then needs to be converted into a token, and in the sample app, the code to perform this is as follows:
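    app.get('/callback', function(req, res) {
      // req.url carries the code and state query parameters from the redirect
      oauthClient.createToken(req.url)
        .then(function(authResponse) {
          oauth2_token_json = JSON.stringify(authResponse.getJson(), null, 2);
        })
        .catch(function(e) {
          console.error(e);
        });
      // The response is sent immediately, before the token exchange has finished
      res.send('');
    });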
I've also read in the documentation that I need to redirect users to an authorisation page, create a UI that initiates a redirect, and then get the authorisation code (https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0). So I vaguely understand this but am having trouble knowing where to start after sending the authorization request. Suggestions?
CodePudding user response:
In the OAuth 2.0 Authorization Code flow, after initiating the authorization request, the end user gets redirected to the login page and enters his credentials. Then he gets redirected to the callback_uri (redirect_uri) with the code parameter. After that, you have to make a POST request to the /token endpoint and send the code. When all goes correctly, you get an AccessToken.
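Added example (not part of the question or the answer above, and not code from the intuit-oauth library): the callback step of the flow written out by hand, with a per-request `state` that is checked before the code is accepted, followed by the POST that exchanges the code. The function names, the `realmId` parameter handling and the token endpoint URL are assumptions of this sketch; in the question's setup `createToken(req.url)` performs the exchange.

```javascript
const { randomBytes, timingSafeEqual } = require("node:crypto");

// Assumption: Intuit's token endpoint; intuit-oauth normally supplies this itself.
const TOKEN_URL = "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer";

// Unguessable per-request state; keep it in the user's session until the callback.
function newState() {
  return randomBytes(16).toString("hex");
}

// Parse the redirect sent to redirect_uri and refuse it unless the state matches.
function parseCallback(reqUrl, expectedState) {
  const params = new URL(reqUrl, "http://localhost:8000").searchParams;
  const got = Buffer.from(params.get("state") || "");
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error("state mismatch");
  }
  if (params.has("error")) {
    throw new Error(`authorization failed: ${params.get("error")}`);
  }
  const code = params.get("code");
  if (!code) throw new Error("missing code");
  // realmId (assumed name) identifies the QuickBooks company that was connected.
  return { code, realmId: params.get("realmId") };
}

// Describe the POST to the token endpoint that turns the code into tokens.
function buildTokenRequest(code, { clientId, clientSecret, redirectUri }) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: TOKEN_URL,
    method: "POST",
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
      Accept: "application/json",
    },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri, // must equal the value used in the authorize step
    }).toString(),
  };
}
```

The returned object can be passed to any HTTP client; the client secret in the `Authorization` header means this request must only ever be made from the backend.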