(MFC) Xero OAuth1 Authorization (3-legged)

Demonstrates 3-legged OAuth1 authorization for Xero.
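#include <CkHttp.h>
#include <CkHttpRequest.h>
#include <CkHttpResponse.h>
#include <CkHashtable.h>
#include <CkStringBuilder.h>
#include <CkSocket.h>
#include <CkTask.h>
#include <CkJsonObject.h>
#include <CkFileAccess.h>

#include <string>

// Copies a C string returned by the library into an owned std::string; null becomes "".
// NOTE(review): the const char * values returned by the Chilkat objects are assumed to
// point into memory owned by the returning object. Copying them avoids depending on how
// long that memory stays valid across later calls -- confirm against the library docs.
static std::string copyOrEmpty(const char *s)
{
    return std::string(s ? s : "");
}

// Runs the 3-legged OAuth 1.0a flow against Xero:
//   1. POST to the request-token URL to obtain a request token and secret.
//   2. Build the authorize URL (to be opened in a browser) and accept the browser's
//      redirect on a local listening socket.
//   3. Check that the redirect echoes the request token that was issued, then exchange
//      the request token plus verifier for an access token.
//   4. Write the access token data to qa_data/tokens/xero.json.
// Progress and errors are accumulated in strOut and shown in the IDC_EDIT1 control.
void ChilkatSample(void)
{
    CkString strOut;

    // Placeholders. Real consumer credentials belong in protected configuration,
    // not in literals compiled into the binary or committed to source control.
    const char *consumerKey = "XERO_CONSUMER_KEY";
    const char *consumerSecret = "XERO_CONSUMER_SECRET";

    const char *requestTokenUrl = "https://api.xero.com/oauth/RequestToken";
    const char *authorizeUrl = "https://api.xero.com/oauth/Authorize";
    const char *accessTokenUrl = "https://api.xero.com/oauth/AccessToken";

    // The port number is picked at random. It's some unused port that won't likely
    // conflict with anything else. The callback is plain HTTP, so the verifier it
    // carries must never travel beyond the local machine.
    const char *callbackUrl = "http://localhost:3017/";
    int callbackLocalPort = 3017;

    // ---------------------------------------------------------------------------
    // Step 1: POST to the request token URL to obtain an OAuth Request Token.
    CkHttp http;
    bool success;

    http.put_OAuth1(true);
    http.put_OAuthConsumerKey(consumerKey);
    http.put_OAuthConsumerSecret(consumerSecret);
    http.put_OAuthCallback(callbackUrl);

    CkHttpRequest req;
    CkHttpResponse *resp = http.PostUrlEncoded(requestTokenUrl,req);
    if (http.get_LastMethodSuccess() != true || resp == 0) {
        delete resp;    // no-op when resp is null
        strOut.append(http.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // Make sure a successful response was received (same check as for the access token).
    if (resp->get_StatusCode() != 200) {
        strOut.append(resp->statusLine());
        strOut.append("\r\n");
        strOut.append(resp->header());
        strOut.append("\r\n");
        strOut.append(resp->bodyStr());
        strOut.append("\r\n");
        delete resp;
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // If successful, the body contains something like this:
    // oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
    const std::string requestTokenBody = copyOrEmpty(resp->bodyStr());
    delete resp;
    resp = 0;

    CkHashtable hashTab;
    hashTab.AddQueryParams(requestTokenBody.c_str());
    const std::string issuedRequestToken = copyOrEmpty(hashTab.lookupStr("oauth_token"));
    const std::string requestTokenSecret = copyOrEmpty(hashTab.lookupStr("oauth_token_secret"));
    if (issuedRequestToken.empty() || requestTokenSecret.empty()) {
        strOut.append("Request token response did not contain oauth_token and oauth_token_secret.");
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }
    http.put_OAuthTokenSecret(requestTokenSecret.c_str());

    // Demonstration output only: this echoes token secrets into the dialog.
    // Production code should not display or log them.
    strOut.append(requestTokenBody.c_str());
    strOut.append("\r\n");
    strOut.append("oauth_token = ");
    strOut.append(issuedRequestToken.c_str());
    strOut.append("\r\n");
    strOut.append("oauth_token_secret = ");
    strOut.append(requestTokenSecret.c_str());
    strOut.append("\r\n");

    // ---------------------------------------------------------------------------
    // Step 2: form the URL for the authorizeUrl.
    // This is an HTTP GET that we load into a popup browser.
    CkStringBuilder sbUrlForBrowser;
    sbUrlForBrowser.Append(authorizeUrl);
    sbUrlForBrowser.Append("?oauth_token=");
    sbUrlForBrowser.Append(issuedRequestToken.c_str());
    const char *urlForBrowser = sbUrlForBrowser.getAsString();

    // When urlForBrowser is loaded into a browser, the response from Xero will redirect
    // back to localhost:3017. We need a socket listening on port 3017 for that callback.
    // NOTE(review): the listener is bound by port only. The callback needs to be reachable
    // from the local browser alone; confirm which interfaces the library binds and restrict
    // the listener to loopback if it is reachable from other hosts.
    CkSocket listenSock;
    int backLog = 5;
    success = listenSock.BindAndListen(callbackLocalPort,backLog);
    if (success != true) {
        strOut.append(listenSock.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // Wait for the browser's connection in a background thread.
    // (We'll load the URL into the browser following this.)
    // Wait a max of 60 seconds before giving up.
    int maxWaitMs = 60000;
    CkTask *task = listenSock.AcceptNextConnectionAsync(maxWaitMs);
    if (listenSock.get_LastMethodSuccess() != true || task == 0) {
        delete task;    // no-op when task is null
        strOut.append(listenSock.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }
    if (task->Run() != true) {
        strOut.append(task->lastErrorText());
        strOut.append("\r\n");
        delete task;
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // At this point, your application should load the URL in a browser.
    // For example,
    // in C#: System.Diagnostics.Process.Start(urlForBrowser);
    // in Java: Desktop.getDesktop().browse(new URI(urlForBrowser));
    // in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
    //              wsh.Run urlForBrowser
    // in Xojo: ShowURL(url) (see http://docs.xojo.com/index.php/ShowURL)
    // in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl
    // The Xero account owner would interactively accept or deny the authorization request.

    // Add the code to load the url in a web browser here...
    // System.Diagnostics.Process.Start(urlForBrowser);
    (void)urlForBrowser;    // used only by the browser-launch code the application adds above

    // Wait for the listenSock's task to complete.
    // NOTE(review): status 7 is presumably the library's "completed" state -- confirm.
    success = task->Wait(maxWaitMs);
    if (!success || (task->get_StatusInt() != 7) || (task->get_TaskSuccess() != true)) {
        if (!success) {
            // The task.LastErrorText applies to the Wait method call.
            strOut.append(task->lastErrorText());
            strOut.append("\r\n");
        }
        else {
            // The ResultErrorText applies to the underlying task method call
            // (i.e. the AcceptNextConnection).
            strOut.append(task->status());
            strOut.append("\r\n");
            strOut.append(task->resultErrorText());
            strOut.append("\r\n");
        }
        delete task;
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // If we get to this point, a connection arrived and was accepted.
    // We no longer need the listen socket: stop listening on port 3017.
    listenSock.Close(10);

    // First get the connected socket.
    CkSocket sock;
    sock.LoadTaskResult(*task);
    delete task;
    task = 0;

    // Read the start line of the request and keep our own copy, because more reads
    // on the same socket object follow before the line is parsed.
    const std::string startLine = copyOrEmpty(sock.receiveUntilMatch("\r\n"));
    if (sock.get_LastMethodSuccess() != true) {
        strOut.append(sock.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // Read (and discard) the request header.
    sock.receiveUntilMatch("\r\n\r\n");
    if (sock.get_LastMethodSuccess() != true) {
        strOut.append(sock.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // The browser SHOULD be sending us a GET request, and therefore there is no body.
    // Once the request header is received, we have all of it and can send our response.
    CkStringBuilder sbResponseHtml;
    sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</p></body></html>");

    CkStringBuilder sbResponse;
    sbResponse.Append("HTTP/1.1 200 OK\r\n");
    sbResponse.Append("Content-Length: ");
    sbResponse.AppendInt(sbResponseHtml.get_Length());
    sbResponse.Append("\r\n");
    sbResponse.Append("Content-Type: text/html\r\n");
    sbResponse.Append("\r\n");
    sbResponse.AppendSb(sbResponseHtml);

    sock.SendString(sbResponse.getAsString());
    sock.Close(50);

    // The information we need is in the start line, which looks something like this:
    // GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0 HTTP/1.1
    CkStringBuilder sbStartLine;
    sbStartLine.Append(startLine.c_str());
    sbStartLine.Replace("GET /?","");
    sbStartLine.Replace(" HTTP/1.1","");
    sbStartLine.Trim();

    // oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0
    strOut.append("startline: ");
    strOut.append(sbStartLine.getAsString());
    strOut.append("\r\n");

    hashTab.Clear();
    hashTab.AddQueryParams(sbStartLine.getAsString());

    const std::string callbackToken = copyOrEmpty(hashTab.lookupStr("oauth_token"));
    const std::string authVerifier = copyOrEmpty(hashTab.lookupStr("oauth_verifier"));

    // The accepted connection is not authenticated: whatever reached the callback port
    // supplied these values. Only continue when the request echoes the request token that
    // was issued to this session and carries a verifier; never adopt a token taken from
    // the callback itself.
    if (callbackToken != issuedRequestToken || authVerifier.empty()) {
        strOut.append("Callback rejected: oauth_token does not match the issued request token, or oauth_verifier is missing.");
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // ------------------------------------------------------------------------------
    // Step 3: exchange the OAuth Request Token for an OAuth Access Token.
    http.put_OAuthToken(issuedRequestToken.c_str());
    http.put_OAuthVerifier(authVerifier.c_str());
    resp = http.PostUrlEncoded(accessTokenUrl,req);
    if (http.get_LastMethodSuccess() != true || resp == 0) {
        delete resp;    // no-op when resp is null
        strOut.append(http.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // Make sure a successful response was received.
    if (resp->get_StatusCode() != 200) {
        strOut.append(resp->statusLine());
        strOut.append("\r\n");
        strOut.append(resp->header());
        strOut.append("\r\n");
        strOut.append(resp->bodyStr());
        strOut.append("\r\n");
        delete resp;    // the original leaked the response on this path
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    // If successful, the body contains something like this:
    // oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&oauth_expires_in=1800&xero_org_muid=abcdecNhPKabcdNjz189t0
    const std::string accessTokenBody = copyOrEmpty(resp->bodyStr());
    delete resp;
    resp = 0;

    hashTab.Clear();
    hashTab.AddQueryParams(accessTokenBody.c_str());

    const std::string accessToken = copyOrEmpty(hashTab.lookupStr("oauth_token"));
    const std::string accessTokenSecret = copyOrEmpty(hashTab.lookupStr("oauth_token_secret"));
    const std::string orgMuid = copyOrEmpty(hashTab.lookupStr("xero_org_muid"));
    const std::string expiresIn = copyOrEmpty(hashTab.lookupStr("oauth_expires_in"));

    // The access token + secret is what should be saved and used for subsequent
    // REST API calls. Demonstration output only: production code should not display
    // or log the secret.
    strOut.append(accessTokenBody.c_str());
    strOut.append("\r\n");
    strOut.append("Access Token = ");
    strOut.append(accessToken.c_str());
    strOut.append("\r\n");
    strOut.append("Access Token Secret = ");
    strOut.append(accessTokenSecret.c_str());
    strOut.append("\r\n");
    strOut.append("xero_org_muid = ");
    strOut.append(orgMuid.c_str());
    strOut.append("\r\n");
    strOut.append("oauth_expires_in = ");
    strOut.append(expiresIn.c_str());
    strOut.append("\r\n");

    // Save this access token for future calls.
    // Just in case we need xero_org_muid and oauth_expires_in, save those also.
    CkJsonObject json;
    json.AppendString("oauth_token",accessToken.c_str());
    json.AppendString("oauth_token_secret",accessTokenSecret.c_str());
    json.AppendString("xero_org_muid",orgMuid.c_str());
    json.AppendString("oauth_expires_in",expiresIn.c_str());

    // The token file holds a bearer-equivalent secret in plaintext. Keep it out of
    // shared or world-readable locations; production code should prefer an OS-protected
    // credential store or a file restricted to the owning account.
    CkFileAccess fac;
    success = fac.WriteEntireTextFile("qa_data/tokens/xero.json",json.emit(),"utf-8",false);
    if (success != true) {
        // Do not report success when the token was not actually persisted.
        strOut.append(fac.lastErrorText());
        strOut.append("\r\n");
        SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
        return;
    }

    strOut.append("Success.");
    strOut.append("\r\n");

    SetDlgItemText(IDC_EDIT1,strOut.getUnicode());
}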
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.