Sample code for 30+ languages & platforms
DataFlex

Quickbooks OAuth2 in a Desktop App

See more QuickBooks Examples

Demonstrates how to get a QuickBooks OAuth2 access token from a desktop application or script.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoOauth2
    String sUrl
    Integer iNumMsWaited
    Handle hoSbJson
    String sRealmId
    String sTemp1
    Integer iTemp1
    Boolean bTemp1

    Move False To iSuccess

    // To further clarify, see OAuth 2.0 Authorization Flow

    // ------------------------------------------------------------------------------------------------
    // IMPORTANT: You first need to define an App in the Quickbooks Developer Dashboard.
    // See How to Create an App in QuickBooks Developer Dashboard
    // ------------------------------------------------------------------------------------------------

    // This example is for desktop applicatons (it is not for code that runs on a web server).
    // You'll need to add a line (or a few lines of code) to popup a web browser that navigates to a URL.

    // This is the way to initially obtain the OAuth2 access token.  Afterwards it can be 
    // repeatedly refreshed without user interaction, as shown in this example: Refresh Quickbooks OAuth2 Access Token.

    Get Create (RefClass(cComChilkatOAuth2)) To hoOauth2
    If (Not(IsComObjectCreated(hoOauth2))) Begin
        Send CreateComObject of hoOauth2
    End

    // QuickBooks OAuth2 allows for an "http://localhost:<portNumber>/" callback URL for sandbox testing,
    // but not for production.

    // In production, your applicaton must use your own public web server as an intermediate
    // to receive and forward the redirect to localhost.
    // See Using Your Web Server as an Intermediary for OAuth2 Redirect to localhost

    Set ComAppCallbackUrl Of hoOauth2 To "https://yourwebserver.com/OAuth2.php"
    Set ComListenPort Of hoOauth2 To 3017

    Set ComAuthorizationEndpoint Of hoOauth2 To "https://appcenter.intuit.com/connect/oauth2"
    Set ComTokenEndpoint Of hoOauth2 To "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer"

    // Replace these with actual values.
    Set ComClientId Of hoOauth2 To "QUICKBOOKS-CLIENT-ID"
    Set ComClientSecret Of hoOauth2 To "QUICKBOOKS-CLIENT-SECRET"
    Set ComUseBasicAuth Of hoOauth2 To True
    Set ComCodeChallenge Of hoOauth2 To False

    // Indicate the desired access.  Possible scopes that can appear in the list are:
    // com.intuit.quickbooks.accounting:  QuickBooks Online API
    // com.intuit.quickbooks.payment:  QuickBooks Payments API
    // openid:  OpenID Connect processing
    // profile:  user's given and family names
    // email:  user's email address
    // phone:  user's phone number
    // address:  user's physical address
    Set ComScope Of hoOauth2 To "com.intuit.quickbooks.accounting"

    // Begin the OAuth2 Authorization code flow.  This returns a URL that should be loaded in a browser.
    Get ComStartAuth Of hoOauth2 To sUrl
    Get ComLastMethodSuccess Of hoOauth2 To bTemp1
    If (bTemp1 = False) Begin
        Get ComLastErrorText Of hoOauth2 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "url = " sUrl

    // Launch the default browser on the system and navigate to the url.
    // The LaunchBrowser method was added in Chilkat v10.1.2.
    Get ComLaunchBrowser Of hoOauth2 sUrl To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoOauth2 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Wait for the user to approve or deny authorization in the browser.
    Move 0 To iNumMsWaited
    While ((iNumMsWaited < 90000) And ((ComAuthFlowState(hoOauth2)) < 3))
        Send ComSleepMs To hoOauth2 100
        Move (iNumMsWaited + 100) To iNumMsWaited
    Loop

    // If the browser does not respond within the specified time, AuthFlowState will be:
    // 
    // 1: Waiting for Redirect – The OAuth2 background thread is waiting for the browser's redirect request.
    // 2: Waiting for Final Response – The thread is awaiting the final access token response.
    // In either case, cancel the background task initiated by StartAuth.

    Get ComAuthFlowState Of hoOauth2 To iTemp1
    If (iTemp1 < 3) Begin
        Get ComCancel Of hoOauth2 To iSuccess
        Showln "No response from the browser!"
        Procedure_Return
    End

    // Check AuthFlowState to determine if authorization was granted, denied, or failed:
    // 
    // 3: Success – OAuth2 flow completed, the background thread exited, and the successful response is in AccessTokenResponse.
    // 4: Access Denied – OAuth2 flow completed, the background thread exited, and the error response is in AccessTokenResponse.
    // 5: Failure – OAuth2 flow failed before completion, the background thread exited, and error details are in FailureInfo.

    Get ComAuthFlowState Of hoOauth2 To iTemp1
    If (iTemp1 = 5) Begin
        Showln "OAuth2 failed to complete."
        Get ComFailureInfo Of hoOauth2 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComAuthFlowState Of hoOauth2 To iTemp1
    If (iTemp1 = 4) Begin
        Showln "OAuth2 authorization was denied."
        Get ComAccessTokenResponse Of hoOauth2 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComAuthFlowState Of hoOauth2 To iTemp1
    If (iTemp1 <> 3) Begin
        Get ComAuthFlowState Of hoOauth2 To iTemp1
        Showln "Unexpected AuthFlowState:" iTemp1
        Procedure_Return
    End

    // Save the full JSON access token response to a file.
    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbJson
    If (Not(IsComObjectCreated(hoSbJson))) Begin
        Send CreateComObject of hoSbJson
    End
    Get ComAccessTokenResponse Of hoOauth2 To sTemp1
    Get ComAppend Of hoSbJson sTemp1 To iSuccess
    Get ComWriteFile Of hoSbJson "qa_data/tokens/qb-access-token.json" "utf-8" False To iSuccess

    // The full JSON received looks like this:
    // {
    //   "expires_in": 3600,
    //   "x_refresh_token_expires_in": 8726400,
    //   "refresh_token": "L011546037639r ... 3vR2DrbOmg0Sdagw",
    //   "access_token": "eyJlbmMiOiJBMTI4Q0 ... oETJEMbeggg",
    //   "token_type": "bearer"
    // }

    Showln "OAuth2 authorization granted!"
    Get ComAccessToken Of hoOauth2 To sTemp1
    Showln "Access Token = " sTemp1

    // Get the realmId if needed...
    // See About the QuickBooks REST API Realm ID, also known as Company ID
    Get ComGetRedirectRequestParam Of hoOauth2 "realmId" To sRealmId
    Get ComLastMethodSuccess Of hoOauth2 To bTemp1
    If (bTemp1 = True) Begin
        Showln "realmId: " sRealmId
    End
    Else Begin
        Showln "No realmId was provided."
    End



End_Procedure