Sample code for 30+ languages & platforms
Go

Quickbooks OAuth1 Authorization (3-legged)

See more QuickBooks Examples

Demonstrates 3-legged OAuth1 authorization for Quickbooks.

Chilkat Go Downloads

Go
    success := false

    consumerKey := "QUICKBOOKS_CONSUMER_KEY"
    consumerSecret := "QUICKBOOKS_CONSUMER_SECRET"

    requestTokenUrl := "https://oauth.intuit.com/oauth/v1/get_request_token"
    authorizeUrl := "https://appcenter.intuit.com/Connect/Begin"
    accessTokenUrl := "https://oauth.intuit.com/oauth/v1/get_access_token"

    // The port number is picked at random. It's some unused port that won't likely conflict with anything else..
    callbackUrl := "http://localhost:3017/"
    callbackLocalPort := 3017

    // The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
    http := chilkat.NewHttp()

    http.SetOAuth1(true)
    http.SetOAuthConsumerKey(consumerKey)
    http.SetOAuthConsumerSecret(consumerSecret)
    http.SetOAuthCallback(callbackUrl)

    req := chilkat.NewHttpRequest()
    req.SetHttpVerb("POST")
    req.SetContentType("application/x-www-form-urlencoded")

    resp := chilkat.NewHttpResponse()
    success = http.HttpReq(requestTokenUrl,req,resp)
    if success == false {
        fmt.Println(http.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        return
    }

    if resp.StatusCode() >= 400 {
        fmt.Println("Error response status code = ", resp.StatusCode())
        fmt.Println(resp.BodyStr())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        return
    }

    // If successful, the resp.BodyStr contains this:  
    // oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
    fmt.Println(resp.BodyStr())

    hashTab1 := chilkat.NewHashtable()
    hashTab1.AddQueryParams(resp.BodyStr())

    requestToken := hashTab1.LookupStr("oauth_token")
    requestTokenSecret := hashTab1.LookupStr("oauth_token_secret")
    http.SetOAuthTokenSecret(*requestTokenSecret)

    fmt.Println("oauth_token = ", *requestToken)
    fmt.Println("oauth_token_secret = ", *requestTokenSecret)

    // ---------------------------------------------------------------------------
    // The next step is to form a URL to send to the AuthorizeUrl
    // This is an HTTP GET that we load into a popup browser.
    sbUrlForBrowser := chilkat.NewStringBuilder()
    sbUrlForBrowser.Append(authorizeUrl)
    sbUrlForBrowser.Append("?oauth_token=")
    sbUrlForBrowser.Append(*requestToken)
    url := sbUrlForBrowser.GetAsString()

    // When the urlForBrowser is loaded into a browser, the response from Quickbooks will redirect back to localhost:3017
    // We'll need to start a socket that is listening on port 3017 for the callback from the browser.
    listenSock := chilkat.NewSocket()

    backLog := 5
    success = listenSock.BindAndListen(callbackLocalPort,backLog)
    if success == false {
        fmt.Println(listenSock.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab1.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        listenSock.DisposeSocket()
        return
    }

    // Wait for the browser's connection in a background thread.
    // (We'll send load the URL into the browser following this..)
    // Wait a max of 60 seconds before giving up.
    sock := chilkat.NewSocket()
    maxWaitMs := 60000
    c := make(chan *chilkat.Task)
    go listenSock.AcceptNextAsync(maxWaitMs,sock,c)
    task := <-c

    // Launch the system's default browser navigated to the URL.
    oauth2 := chilkat.NewOAuth2()
    success = oauth2.LaunchBrowser(*url)
    if success == false {
        fmt.Println(oauth2.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab1.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        oauth2.DisposeOAuth2()
        return
    }

    // Wait for the listenSock's task to complete.
    success = task.Wait(maxWaitMs)
    if !success || (task.StatusInt() != 7) || (task.TaskSuccess() != true) {
        if !success {
            // The task.LastErrorText applies to the Wait method call.
            fmt.Println(task.LastErrorText())
        } else {
            // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
            fmt.Println(task.Status())
            fmt.Println(task.ResultErrorText())
        }

        task.DisposeTask()
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab1.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        oauth2.DisposeOAuth2()
        return
    }

    // If we get to this point, the connection from the browser arrived and was accepted.

    // We no longer need the listen socket...
    // Close it so that it's no longer listening on port 3017.
    listenSock.Close(10)

    task.DisposeTask()

    // Read the start line of the request..
    startLine := sock.ReceiveUntilMatch("\r\n")
    if sock.LastMethodSuccess() == false {
        fmt.Println(sock.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab1.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        oauth2.DisposeOAuth2()
        return
    }

    // Read the request header.
    requestHeader := sock.ReceiveUntilMatch("\r\n\r\n")
    if sock.LastMethodSuccess() == false {
        fmt.Println(sock.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab1.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        oauth2.DisposeOAuth2()
        return
    }

    // The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
    // Once the request header is received, we have all of it.
    // We can now send our HTTP response.
    sbResponseHtml := chilkat.NewStringBuilder()
    sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>")

    sbResponse := chilkat.NewStringBuilder()
    sbResponse.Append("HTTP/1.1 200 OK\r\n")
    sbResponse.Append("Content-Length: ")
    sbResponse.AppendInt(sbResponseHtml.Length())
    sbResponse.Append("\r\n")
    sbResponse.Append("Content-Type: text/html\r\n")
    sbResponse.Append("\r\n")
    sbResponse.AppendSb(sbResponseHtml)

    sock.SendString(*sbResponse.GetAsString())
    sock.Close(50)

    // The information we need is in the startLine.
    // For example, the startLine will look like this:
    //  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
    sbStartLine := chilkat.NewStringBuilder()
    sbStartLine.Append(*startLine)
    numReplacements := sbStartLine.Replace("GET /?","")
    numReplacements = sbStartLine.Replace(" HTTP/1.1","")
    sbStartLine.Trim()

    // oauth_token=qyprdP04IrTDIXtP1HRZz0geQdjXHVlGDxXPexlXZsjZNRcY&oauth_verifier=arx5pj5&realmId=193514465596199&dataSource=QBO
    fmt.Println("startline: ", *sbStartLine.GetAsString())

    hashTab1.Clear()
    hashTab1.AddQueryParams(*sbStartLine.GetAsString())

    requestToken = hashTab1.LookupStr("oauth_token")
    authVerifier := hashTab1.LookupStr("oauth_verifier")

    // ------------------------------------------------------------------------------
    // Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

    http.SetOAuthToken(*requestToken)
    http.SetOAuthVerifier(*authVerifier)

    req.SetHttpVerb("POST")
    req.SetContentType("application/x-www-form-urlencoded")

    success = http.HttpReq(accessTokenUrl,req,resp)
    if success == false {
        fmt.Println(http.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab1.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        oauth2.DisposeOAuth2()
        sbResponseHtml.DisposeStringBuilder()
        sbResponse.DisposeStringBuilder()
        sbStartLine.DisposeStringBuilder()
        return
    }

    // Make sure a successful response was received.
    if resp.StatusCode() != 200 {
        fmt.Println(resp.StatusLine())
        fmt.Println(resp.Header())
        fmt.Println(resp.BodyStr())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        hashTab1.DisposeHashtable()
        sbUrlForBrowser.DisposeStringBuilder()
        listenSock.DisposeSocket()
        sock.DisposeSocket()
        task.DisposeTask()
        oauth2.DisposeOAuth2()
        sbResponseHtml.DisposeStringBuilder()
        sbResponse.DisposeStringBuilder()
        sbStartLine.DisposeStringBuilder()
        return
    }

    // If successful, the resp.BodyStr contains something like this:
    // oauth_token=12347455-ffffrrlaBdCjbdGfyjZabcdb5APNtuTPNabcdEpp&oauth_token_secret=RxxxxJ8mTzUhwES4xxxxuJyFWDN8ZfHmrabcddh88LmWE
    fmt.Println(resp.BodyStr())

    hashTab2 := chilkat.NewHashtable()
    hashTab2.AddQueryParams(resp.BodyStr())

    accessToken := hashTab2.LookupStr("oauth_token")
    accessTokenSecret := hashTab2.LookupStr("oauth_token_secret")

    // The access token + secret is what should be saved and used for
    // subsequent REST API calls.
    fmt.Println("Access Token = ", *accessToken)
    fmt.Println("Access Token Secret = ", *accessTokenSecret)

    // Save this access token for future calls.
    json := chilkat.NewJsonObject()
    json.AppendString("oauth_token",*accessToken)
    json.AppendString("oauth_token_secret",*accessTokenSecret)

    // Also save the realmId and dataSource from hashTab1.
    realmId := hashTab1.LookupStr("realmId")
    fmt.Println("realmId = ", *realmId)
    dataSource := hashTab1.LookupStr("dataSource")
    fmt.Println("dataSource = ", *dataSource)

    json.AppendString("realmId",*realmId)
    json.AppendString("dataSource",*dataSource)

    fac := chilkat.NewFileAccess()
    fac.WriteEntireTextFile("qa_data/tokens/quickbooks.json",*json.Emit(),"utf-8",false)

    fmt.Println("Success.")

    http.DisposeHttp()
    req.DisposeHttpRequest()
    resp.DisposeHttpResponse()
    hashTab1.DisposeHashtable()
    sbUrlForBrowser.DisposeStringBuilder()
    listenSock.DisposeSocket()
    sock.DisposeSocket()
    task.DisposeTask()
    oauth2.DisposeOAuth2()
    sbResponseHtml.DisposeStringBuilder()
    sbResponse.DisposeStringBuilder()
    sbStartLine.DisposeStringBuilder()
    hashTab2.DisposeHashtable()
    json.DisposeJsonObject()
    fac.DisposeFileAccess()