(C) Xero OAuth1 Authorization (3-legged)

Demonstrates 3-legged OAuth1 authorization for Xero

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkHttp.h>
#include <C_CkHttpRequest.h>
#include <C_CkHttpResponse.h>
#include <C_CkHashtable.h>
#include <C_CkStringBuilder.h>
#include <C_CkSocket.h>
#include <C_CkTask.h>
#include <C_CkJsonObject.h>
#include <C_CkFileAccess.h>

void ChilkatSample(void)
    {
    const char *consumerKey;
    const char *consumerSecret;
    const char *requestTokenUrl;
    const char *authorizeUrl;
    const char *accessTokenUrl;
    const char *callbackUrl;
    int callbackLocalPort;
    HCkHttp http;
    BOOL success;
    HCkHttpRequest req;
    HCkHttpResponse resp;
    HCkHashtable hashTab;
    const char *requestToken;
    const char *requestTokenSecret;
    HCkStringBuilder sbUrlForBrowser;
    const char *urlForBrowser;
    HCkSocket listenSock;
    int backLog;
    int maxWaitMs;
    HCkTask task;
    HCkSocket sock;
    const char *startLine;
    const char *requestHeader;
    HCkStringBuilder sbResponseHtml;
    HCkStringBuilder sbResponse;
    HCkStringBuilder sbStartLine;
    int numReplacements;
    const char *authVerifier;
    const char *accessToken;
    const char *accessTokenSecret;
    const char *orgMuid;
    const char *expiresIn;
    HCkJsonObject json;
    HCkFileAccess fac;

    consumerKey = "XERO_CONSUMER_KEY";
    consumerSecret = "XERO_CONSUMER_SECRET";

    requestTokenUrl = "https://api.xero.com/oauth/RequestToken";
    authorizeUrl = "https://api.xero.com/oauth/Authorize";
    accessTokenUrl = "https://api.xero.com/oauth/AccessToken";

    // The port number is picked at random. It's some unused port that won't likely conflict with anything else..
    callbackUrl = "http://localhost:3017/";
    callbackLocalPort = 3017;

    // The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
    http = CkHttp_Create();

    CkHttp_putOAuth1(http,TRUE);
    CkHttp_putOAuthConsumerKey(http,consumerKey);
    CkHttp_putOAuthConsumerSecret(http,consumerSecret);
    CkHttp_putOAuthCallback(http,callbackUrl);

    req = CkHttpRequest_Create();
    resp = CkHttp_PostUrlEncoded(http,requestTokenUrl,req);
    if (CkHttp_getLastMethodSuccess(http) != TRUE) {
        printf("%s\n",CkHttp_lastErrorText(http));
        CkHttp_Dispose(http);
        CkHttpRequest_Dispose(req);
        return;
    }

    // If successful, the resp.BodyStr contains something like this:  
    // oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
    printf("%s\n",CkHttpResponse_bodyStr(resp));

    hashTab = CkHashtable_Create();
    CkHashtable_AddQueryParams(hashTab,CkHttpResponse_bodyStr(resp));

    requestToken = CkHashtable_lookupStr(hashTab,"oauth_token");
    requestTokenSecret = CkHashtable_lookupStr(hashTab,"oauth_token_secret");
    CkHttp_putOAuthTokenSecret(http,requestTokenSecret);

    CkHttpResponse_Dispose(resp);

    printf("oauth_token = %s\n",requestToken);
    printf("oauth_token_secret = %s\n",requestTokenSecret);

    // ---------------------------------------------------------------------------
    // The next step is to form a URL to send to the authorizeUrl
    // This is an HTTP GET that we load into a popup browser.
    sbUrlForBrowser = CkStringBuilder_Create();
    CkStringBuilder_Append(sbUrlForBrowser,authorizeUrl);
    CkStringBuilder_Append(sbUrlForBrowser,"?oauth_token=");
    CkStringBuilder_Append(sbUrlForBrowser,requestToken);
    urlForBrowser = CkStringBuilder_getAsString(sbUrlForBrowser);

    // When the urlForBrowser is loaded into a browser, the response from Xero will redirect back to localhost:3017
    // We'll need to start a socket that is listening on port 3017 for the callback from the browser.
    listenSock = CkSocket_Create();

    backLog = 5;
    success = CkSocket_BindAndListen(listenSock,callbackLocalPort,backLog);
    if (success != TRUE) {
        printf("%s\n",CkSocket_lastErrorText(listenSock));
        CkHttp_Dispose(http);
        CkHttpRequest_Dispose(req);
        CkHashtable_Dispose(hashTab);
        CkStringBuilder_Dispose(sbUrlForBrowser);
        CkSocket_Dispose(listenSock);
        return;
    }

    // Wait for the browser's connection in a background thread.
    // (We'll send load the URL into the browser following this..)
    // Wait a max of 60 seconds before giving up.
    maxWaitMs = 60000;
    task = CkSocket_AcceptNextConnectionAsync(listenSock,maxWaitMs);
    CkTask_Run(task);

    //  At this point, your application should load the URL in a browser.
    //  For example,
    //  in C#:  System.Diagnostics.Process.Start(urlForBrowser);
    //  in Java: Desktop.getDesktop().browse(new URI(urlForBrowser));
    //  in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
    //               wsh.Run urlForBrowser
    // in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
    // in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
    //  The Xero account owner would interactively accept or deny the authorization request.

    //  Add the code to load the url in a web browser here...
    //  Add the code to load the url in a web browser here...
    //  Add the code to load the url in a web browser here...
    // System.Diagnostics.Process.Start(urlForBrowser);

    // Wait for the listenSock's task to complete.
    success = CkTask_Wait(task,maxWaitMs);
    if (!success || (CkTask_getStatusInt(task) != 7) || (CkTask_getTaskSuccess(task) != TRUE)) {
        if (!success) {
            // The task.LastErrorText applies to the Wait method call.
            printf("%s\n",CkTask_lastErrorText(task));
        }
        else {
            // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
            printf("%s\n",CkTask_status(task));
            printf("%s\n",CkTask_resultErrorText(task));
        }

        CkTask_Dispose(task);
        CkHttp_Dispose(http);
        CkHttpRequest_Dispose(req);
        CkHashtable_Dispose(hashTab);
        CkStringBuilder_Dispose(sbUrlForBrowser);
        CkSocket_Dispose(listenSock);
        return;
    }

    // If we get to this point, the connection from the browser arrived and was accepted.

    // We no longer need the listen socket...
    // Stop listening on port 3017.
    CkSocket_Close(listenSock,10);

    // First get the connected socket.
    sock = CkSocket_Create();
    CkSocket_LoadTaskResult(sock,task);
    CkTask_Dispose(task);

    // Read the start line of the request..
    startLine = CkSocket_receiveUntilMatch(sock,"\r\n");
    if (CkSocket_getLastMethodSuccess(sock) != TRUE) {
        printf("%s\n",CkSocket_lastErrorText(sock));
        CkHttp_Dispose(http);
        CkHttpRequest_Dispose(req);
        CkHashtable_Dispose(hashTab);
        CkStringBuilder_Dispose(sbUrlForBrowser);
        CkSocket_Dispose(listenSock);
        CkSocket_Dispose(sock);
        return;
    }

    // Read the request header.
    requestHeader = CkSocket_receiveUntilMatch(sock,"\r\n\r\n");
    if (CkSocket_getLastMethodSuccess(sock) != TRUE) {
        printf("%s\n",CkSocket_lastErrorText(sock));
        CkHttp_Dispose(http);
        CkHttpRequest_Dispose(req);
        CkHashtable_Dispose(hashTab);
        CkStringBuilder_Dispose(sbUrlForBrowser);
        CkSocket_Dispose(listenSock);
        CkSocket_Dispose(sock);
        return;
    }

    // The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
    // Once the request header is received, we have all of it.
    // We can now send our HTTP response.
    sbResponseHtml = CkStringBuilder_Create();
    CkStringBuilder_Append(sbResponseHtml,"<html><body><p>Chilkat thanks you!</b></body</html>");

    sbResponse = CkStringBuilder_Create();
    CkStringBuilder_Append(sbResponse,"HTTP/1.1 200 OK\r\n");
    CkStringBuilder_Append(sbResponse,"Content-Length: ");
    CkStringBuilder_AppendInt(sbResponse,CkStringBuilder_getLength(sbResponseHtml));
    CkStringBuilder_Append(sbResponse,"\r\n");
    CkStringBuilder_Append(sbResponse,"Content-Type: text/html\r\n");
    CkStringBuilder_Append(sbResponse,"\r\n");
    CkStringBuilder_AppendSb(sbResponse,sbResponseHtml);

    CkSocket_SendString(sock,CkStringBuilder_getAsString(sbResponse));
    CkSocket_Close(sock,50);

    // The information we need is in the startLine.
    // For example, the startLine will look something like this:
    //  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0 HTTP/1.1
    sbStartLine = CkStringBuilder_Create();
    CkStringBuilder_Append(sbStartLine,startLine);
    numReplacements = CkStringBuilder_Replace(sbStartLine,"GET /?","");
    numReplacements = CkStringBuilder_Replace(sbStartLine," HTTP/1.1","");
    CkStringBuilder_Trim(sbStartLine);

    // oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0
    printf("startline: %s\n",CkStringBuilder_getAsString(sbStartLine));

    CkHashtable_Clear(hashTab);
    CkHashtable_AddQueryParams(hashTab,CkStringBuilder_getAsString(sbStartLine));

    requestToken = CkHashtable_lookupStr(hashTab,"oauth_token");
    authVerifier = CkHashtable_lookupStr(hashTab,"oauth_verifier");

    // ------------------------------------------------------------------------------
    // Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

    CkHttp_putOAuthToken(http,requestToken);
    CkHttp_putOAuthVerifier(http,authVerifier);
    resp = CkHttp_PostUrlEncoded(http,accessTokenUrl,req);
    if (CkHttp_getLastMethodSuccess(http) != TRUE) {
        printf("%s\n",CkHttp_lastErrorText(http));
        CkHttp_Dispose(http);
        CkHttpRequest_Dispose(req);
        CkHashtable_Dispose(hashTab);
        CkStringBuilder_Dispose(sbUrlForBrowser);
        CkSocket_Dispose(listenSock);
        CkSocket_Dispose(sock);
        CkStringBuilder_Dispose(sbResponseHtml);
        CkStringBuilder_Dispose(sbResponse);
        CkStringBuilder_Dispose(sbStartLine);
        return;
    }

    // Make sure a successful response was received.
    if (CkHttpResponse_getStatusCode(resp) != 200) {
        printf("%s\n",CkHttpResponse_statusLine(resp));
        printf("%s\n",CkHttpResponse_header(resp));
        printf("%s\n",CkHttpResponse_bodyStr(resp));
        CkHttp_Dispose(http);
        CkHttpRequest_Dispose(req);
        CkHashtable_Dispose(hashTab);
        CkStringBuilder_Dispose(sbUrlForBrowser);
        CkSocket_Dispose(listenSock);
        CkSocket_Dispose(sock);
        CkStringBuilder_Dispose(sbResponseHtml);
        CkStringBuilder_Dispose(sbResponse);
        CkStringBuilder_Dispose(sbStartLine);
        return;
    }

    // If successful, the resp.BodyStr contains something like this:
    // oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&oauth_expires_in=1800&xero_org_muid=abcdecNhPKabcdNjz189t0
    printf("%s\n",CkHttpResponse_bodyStr(resp));

    CkHashtable_Clear(hashTab);
    CkHashtable_AddQueryParams(hashTab,CkHttpResponse_bodyStr(resp));

    accessToken = CkHashtable_lookupStr(hashTab,"oauth_token");
    accessTokenSecret = CkHashtable_lookupStr(hashTab,"oauth_token_secret");
    orgMuid = CkHashtable_lookupStr(hashTab,"xero_org_muid");
    expiresIn = CkHashtable_lookupStr(hashTab,"oauth_expires_in");

    CkHttpResponse_Dispose(resp);

    // The access token + secret is what should be saved and used for
    // subsequent REST API calls.
    printf("Access Token = %s\n",accessToken);
    printf("Access Token Secret = %s\n",accessTokenSecret);
    printf("xero_org_muid = %s\n",orgMuid);
    printf("oauth_expires_in  = %s\n",expiresIn);

    // Save this access token for future calls.
    // Just in case we need xero_org_muid and oauth_expires_in, save those also..
    json = CkJsonObject_Create();
    CkJsonObject_AppendString(json,"oauth_token",accessToken);
    CkJsonObject_AppendString(json,"oauth_token_secret",accessTokenSecret);
    CkJsonObject_AppendString(json,"xero_org_muid",orgMuid);
    CkJsonObject_AppendString(json,"oauth_expires_in",expiresIn);

    fac = CkFileAccess_Create();
    CkFileAccess_WriteEntireTextFile(fac,"qa_data/tokens/xero.json",CkJsonObject_emit(json),"utf-8",FALSE);

    printf("Success.\n");


    CkHttp_Dispose(http);
    CkHttpRequest_Dispose(req);
    CkHashtable_Dispose(hashTab);
    CkStringBuilder_Dispose(sbUrlForBrowser);
    CkSocket_Dispose(listenSock);
    CkSocket_Dispose(sock);
    CkStringBuilder_Dispose(sbResponseHtml);
    CkStringBuilder_Dispose(sbResponse);
    CkStringBuilder_Dispose(sbStartLine);
    CkJsonObject_Dispose(json);
    CkFileAccess_Dispose(fac);

    }