(AutoIt) Wish for Merchants -- Get OAuth2 Access Token for Desktop App

Demonstrates how to get a Wish for Merchants OAuth2 access token from a desktop application or script.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; This example is for desktop applicatons (it is not for code that runs on a web server).
; You'll need to add a line (or a few lines of code) to popup a web browser that navigates to a URL.
; This is explained in the comments below.

; This is the way to initially obtain the OAuth2 access token.  Afterwards it can be 
; repeatedly refreshed without user interaction, as shown in this example: Refresh Wish OAuth2 Access Token.

$oOauth2 = ObjCreate("Chilkat.OAuth2")
Local $bSuccess

; Wish OAuth2 does not allow a localhost callback URI such as "http://localhost:<portNumber>/"
; For a desktop app, you must provide a script on your web server to redirect to "http://localhost/<portNumber>"
; It can be written in C#, PHP, or whatever desired.  It must include the query string in the redirection.
; For example, in PHP your script would look like this:

; <?php
;   header( 'Location: http://localhost:3017?' . $_SERVER['QUERY_STRING'] );
; ?>

$oOauth2.AppCallbackUrl = "https://yourwebserver.com/OAuth2.php"
$oOauth2.ListenPort = 3017

$oOauth2.AuthorizationEndpoint = "https://merchant.wish.com/v3/oauth/authorize"
$oOauth2.TokenEndpoint = "https://merchant.wish.com/api/v3/oauth/access_token"

$oOauth2.UncommonOptions = "EXCHANGE_CODE_FOR_TOKEN_USING_GET"

; Replace these with actual values.
$oOauth2.ClientId = "WISH-CLIENT-ID"
$oOauth2.ClientSecret = "WISH-CLIENT-SECRET"

$oOauth2.Scope = ""

; Begin the OAuth2 three-legged flow.  This returns a URL that should be loaded in a browser.
Local $sUrl = $oOauth2.StartAuth()
If ($oOauth2.LastMethodSuccess <> True) Then
    ConsoleWrite($oOauth2.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("url = " & $sUrl & @CRLF)

; At this point, your application should load the URL in a browser.
; For example, 
; in C#: System.Diagnostics.Process.Start(url);
; in Java: Desktop.getDesktop().browse(new URI(url));
; in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
;              wsh.Run url
; in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
; in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
; The Wish account owner would interactively accept or deny the authorization request.

; Add the code to load the url in a web browser here...
; Add the code to load the url in a web browser here...
; Add the code to load the url in a web browser here...

; Now wait for the authorization.
; We'll wait for a max of 60 seconds.
Local $iNumMsWaited = 0
While ($iNumMsWaited < 60000) And ($oOauth2.AuthFlowState < 3)
    $oOauth2.SleepMs 100
    $iNumMsWaited = $iNumMsWaited + 100
Wend

; If there was no response from the browser within 60 seconds, then 
; the AuthFlowState will be equal to 1 or 2.
; 1: Waiting for Redirect. The OAuth2 background thread is waiting to receive the redirect HTTP request from the browser.
; 2: Waiting for Final Response. The OAuth2 background thread is waiting for the final access token response.
; In that case, cancel the background task started in the call to StartAuth.
If ($oOauth2.AuthFlowState < 3) Then
    $oOauth2.Cancel()
    ConsoleWrite("No response from the browser!" & @CRLF)
    Exit
EndIf

; Check the AuthFlowState to see if authorization was granted, denied, or if some error occurred
; The possible AuthFlowState values are:
; 3: Completed with Success. The OAuth2 flow has completed, the background thread exited, and the successful JSON response is available in AccessTokenResponse property.
; 4: Completed with Access Denied. The OAuth2 flow has completed, the background thread exited, and the error JSON is available in AccessTokenResponse property.
; 5: Failed Prior to Completion. The OAuth2 flow failed to complete, the background thread exited, and the error information is available in the FailureInfo property.
If ($oOauth2.AuthFlowState = 5) Then
    ConsoleWrite("OAuth2 failed to complete." & @CRLF)
    ConsoleWrite($oOauth2.FailureInfo & @CRLF)
    Exit
EndIf

If ($oOauth2.AuthFlowState = 4) Then
    ConsoleWrite("OAuth2 authorization was denied." & @CRLF)
    ConsoleWrite($oOauth2.AccessTokenResponse & @CRLF)
    Exit
EndIf

If ($oOauth2.AuthFlowState <> 3) Then
    ConsoleWrite("Unexpected AuthFlowState:" & $oOauth2.AuthFlowState & @CRLF)
    Exit
EndIf

; Save the full JSON access token response to a file.
$oSbJson = ObjCreate("Chilkat.StringBuilder")
$oSbJson.Append($oOauth2.AccessTokenResponse)
$oSbJson.WriteFile("qa_data/tokens/wish.json","utf-8",False)

; The full JSON received looks like this:
; {
;   "message": "",
;   "code": 0,
;   "data": {
;     "access_token": "15af1c191c1243b029bc1660b5c08ce7",
;     "scopes": [
;       "epc:read",
;       "epc:write",
;       "fbs:read",
;       "fbs:write",
;       "fbw:read",
;       "fbw:write",
;       "infractions:read",
;       "infractions:write",
;       "insurance:read",
;       "insurance:write",
;       "loans:read",
;       "loans:write",
;       "merchant:read",
;       "merchant:write",
;       "notifications:read",
;       "notifications:write",
;       "orders:read",
;       "orders:write",
;       "payments:read",
;       "payments:write",
;       "penalties:read",
;       "penalties:write",
;       "product_boost:read",
;       "product_boost:write",
;       "products:read",
;       "products:write",
;       "ratings:read",
;       "ratings:write",
;       "returns:read",
;       "returns:write",
;       "tickets:read",
;       "tickets:write"
;     ],
;     "merchant_id": "5eb3f605178f5be2c784fa02",
;     "expiry_time": "2020-12-17T16:55:09.594+00:00",
;     "refresh_token": "55a38e44df674a1e859891624b2c4c23"
;   }
; }

ConsoleWrite("OAuth2 authorization granted!" & @CRLF)
ConsoleWrite("Access Token = " & $oOauth2.AccessToken & @CRLF)