Sample code for 30+ languages & platforms
Android™

Quickbooks OAuth1 Authorization (3-legged)

See more QuickBooks Examples

Demonstrates 3-legged OAuth1 authorization for Quickbooks.

Chilkat Android™ Downloads

Android™
// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    boolean success = false;

    String consumerKey = "QUICKBOOKS_CONSUMER_KEY";
    String consumerSecret = "QUICKBOOKS_CONSUMER_SECRET";

    String requestTokenUrl = "https://oauth.intuit.com/oauth/v1/get_request_token";
    String authorizeUrl = "https://appcenter.intuit.com/Connect/Begin";
    String accessTokenUrl = "https://oauth.intuit.com/oauth/v1/get_access_token";

    // The port number is picked at random. It's some unused port that won't likely conflict with anything else..
    String callbackUrl = "http://localhost:3017/";
    int callbackLocalPort = 3017;

    // The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
    CkHttp http = new CkHttp();

    http.put_OAuth1(true);
    http.put_OAuthConsumerKey(consumerKey);
    http.put_OAuthConsumerSecret(consumerSecret);
    http.put_OAuthCallback(callbackUrl);

    CkHttpRequest req = new CkHttpRequest();
    req.put_HttpVerb("POST");
    req.put_ContentType("application/x-www-form-urlencoded");

    CkHttpResponse resp = new CkHttpResponse();
    success = http.HttpReq(requestTokenUrl,req,resp);
    if (success == false) {
        Log.i(TAG, http.lastErrorText());
        return;
        }

    if (resp.get_StatusCode() >= 400) {
        Log.i(TAG, "Error response status code = " + String.valueOf(resp.get_StatusCode()));
        Log.i(TAG, resp.bodyStr());
        return;
        }

    // If successful, the resp.BodyStr contains this:  
    // oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
    Log.i(TAG, resp.bodyStr());

    CkHashtable hashTab1 = new CkHashtable();
    hashTab1.AddQueryParams(resp.bodyStr());

    String requestToken = hashTab1.lookupStr("oauth_token");
    String requestTokenSecret = hashTab1.lookupStr("oauth_token_secret");
    http.put_OAuthTokenSecret(requestTokenSecret);

    Log.i(TAG, "oauth_token = " + requestToken);
    Log.i(TAG, "oauth_token_secret = " + requestTokenSecret);

    // ---------------------------------------------------------------------------
    // The next step is to form a URL to send to the AuthorizeUrl
    // This is an HTTP GET that we load into a popup browser.
    CkStringBuilder sbUrlForBrowser = new CkStringBuilder();
    sbUrlForBrowser.Append(authorizeUrl);
    sbUrlForBrowser.Append("?oauth_token=");
    sbUrlForBrowser.Append(requestToken);
    String url = sbUrlForBrowser.getAsString();

    // When the urlForBrowser is loaded into a browser, the response from Quickbooks will redirect back to localhost:3017
    // We'll need to start a socket that is listening on port 3017 for the callback from the browser.
    CkSocket listenSock = new CkSocket();

    int backLog = 5;
    success = listenSock.BindAndListen(callbackLocalPort,backLog);
    if (success == false) {
        Log.i(TAG, listenSock.lastErrorText());
        return;
        }

    // Wait for the browser's connection in a background thread.
    // (We'll send load the URL into the browser following this..)
    // Wait a max of 60 seconds before giving up.
    CkSocket sock = new CkSocket();
    int maxWaitMs = 60000;
    CkTask task = listenSock.AcceptNextAsync(maxWaitMs,sock);
    task.Run();

    // Launch the system's default browser navigated to the URL.
    CkOAuth2 oauth2 = new CkOAuth2();
    success = oauth2.LaunchBrowser(url);
    if (success == false) {
        Log.i(TAG, oauth2.lastErrorText());
        return;
        }

    // Wait for the listenSock's task to complete.
    success = task.Wait(maxWaitMs);
    if (!success or (task.get_StatusInt() != 7) or (task.get_TaskSuccess() != true)) {
        if (!success) {
            // The task.LastErrorText applies to the Wait method call.
            Log.i(TAG, task.lastErrorText());
            }
        else {
            // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
            Log.i(TAG, task.status());
            Log.i(TAG, task.resultErrorText());
            }

        return;
        }

    // If we get to this point, the connection from the browser arrived and was accepted.

    // We no longer need the listen socket...
    // Close it so that it's no longer listening on port 3017.
    listenSock.Close(10);

    // Read the start line of the request..
    String startLine = sock.receiveUntilMatch("\r\n");
    if (sock.get_LastMethodSuccess() == false) {
        Log.i(TAG, sock.lastErrorText());
        return;
        }

    // Read the request header.
    String requestHeader = sock.receiveUntilMatch("\r\n\r\n");
    if (sock.get_LastMethodSuccess() == false) {
        Log.i(TAG, sock.lastErrorText());
        return;
        }

    // The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
    // Once the request header is received, we have all of it.
    // We can now send our HTTP response.
    CkStringBuilder sbResponseHtml = new CkStringBuilder();
    sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>");

    CkStringBuilder sbResponse = new CkStringBuilder();
    sbResponse.Append("HTTP/1.1 200 OK\r\n");
    sbResponse.Append("Content-Length: ");
    sbResponse.AppendInt(sbResponseHtml.get_Length());
    sbResponse.Append("\r\n");
    sbResponse.Append("Content-Type: text/html\r\n");
    sbResponse.Append("\r\n");
    sbResponse.AppendSb(sbResponseHtml);

    sock.SendString(sbResponse.getAsString());
    sock.Close(50);

    // The information we need is in the startLine.
    // For example, the startLine will look like this:
    //  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
    CkStringBuilder sbStartLine = new CkStringBuilder();
    sbStartLine.Append(startLine);
    int numReplacements = sbStartLine.Replace("GET /?","");
    numReplacements = sbStartLine.Replace(" HTTP/1.1","");
    sbStartLine.Trim();

    // oauth_token=qyprdP04IrTDIXtP1HRZz0geQdjXHVlGDxXPexlXZsjZNRcY&oauth_verifier=arx5pj5&realmId=193514465596199&dataSource=QBO
    Log.i(TAG, "startline: " + sbStartLine.getAsString());

    hashTab1.Clear();
    hashTab1.AddQueryParams(sbStartLine.getAsString());

    requestToken = hashTab1.lookupStr("oauth_token");
    String authVerifier = hashTab1.lookupStr("oauth_verifier");

    // ------------------------------------------------------------------------------
    // Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

    http.put_OAuthToken(requestToken);
    http.put_OAuthVerifier(authVerifier);

    req.put_HttpVerb("POST");
    req.put_ContentType("application/x-www-form-urlencoded");

    success = http.HttpReq(accessTokenUrl,req,resp);
    if (success == false) {
        Log.i(TAG, http.lastErrorText());
        return;
        }

    // Make sure a successful response was received.
    if (resp.get_StatusCode() != 200) {
        Log.i(TAG, resp.statusLine());
        Log.i(TAG, resp.header());
        Log.i(TAG, resp.bodyStr());
        return;
        }

    // If successful, the resp.BodyStr contains something like this:
    // oauth_token=12347455-ffffrrlaBdCjbdGfyjZabcdb5APNtuTPNabcdEpp&oauth_token_secret=RxxxxJ8mTzUhwES4xxxxuJyFWDN8ZfHmrabcddh88LmWE
    Log.i(TAG, resp.bodyStr());

    CkHashtable hashTab2 = new CkHashtable();
    hashTab2.AddQueryParams(resp.bodyStr());

    String accessToken = hashTab2.lookupStr("oauth_token");
    String accessTokenSecret = hashTab2.lookupStr("oauth_token_secret");

    // The access token + secret is what should be saved and used for
    // subsequent REST API calls.
    Log.i(TAG, "Access Token = " + accessToken);
    Log.i(TAG, "Access Token Secret = " + accessTokenSecret);

    // Save this access token for future calls.
    CkJsonObject json = new CkJsonObject();
    json.AppendString("oauth_token",accessToken);
    json.AppendString("oauth_token_secret",accessTokenSecret);

    // Also save the realmId and dataSource from hashTab1.
    String realmId = hashTab1.lookupStr("realmId");
    Log.i(TAG, "realmId = " + realmId);
    String dataSource = hashTab1.lookupStr("dataSource");
    Log.i(TAG, "dataSource = " + dataSource);

    json.AppendString("realmId",realmId);
    json.AppendString("dataSource",dataSource);

    CkFileAccess fac = new CkFileAccess();
    fac.WriteEntireTextFile("qa_data/tokens/quickbooks.json",json.emit(),"utf-8",false);

    Log.i(TAG, "Success.");

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}