Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Delphi DLL) Xero OAuth1 Authorization (3-legged)Demonstrates 3-legged OAuth1 authorization for Xero
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, FileAccess, Hashtable, Socket, HttpResponse, StringBuilder, JsonObject, HttpRequest, Task; ... procedure TForm1.Button1Click(Sender: TObject); var consumerKey: PWideChar; consumerSecret: PWideChar; requestTokenUrl: PWideChar; authorizeUrl: PWideChar; accessTokenUrl: PWideChar; callbackUrl: PWideChar; callbackLocalPort: Integer; http: HCkHttp; success: Boolean; req: HCkHttpRequest; resp: HCkHttpResponse; hashTab: HCkHashtable; requestToken: PWideChar; requestTokenSecret: PWideChar; sbUrlForBrowser: HCkStringBuilder; urlForBrowser: PWideChar; listenSock: HCkSocket; backLog: Integer; maxWaitMs: Integer; task: HCkTask; sock: HCkSocket; startLine: PWideChar; requestHeader: PWideChar; sbResponseHtml: HCkStringBuilder; sbResponse: HCkStringBuilder; sbStartLine: HCkStringBuilder; numReplacements: Integer; authVerifier: PWideChar; accessToken: PWideChar; accessTokenSecret: PWideChar; orgMuid: PWideChar; expiresIn: PWideChar; json: HCkJsonObject; fac: HCkFileAccess; begin consumerKey := 'XERO_CONSUMER_KEY'; consumerSecret := 'XERO_CONSUMER_SECRET'; requestTokenUrl := 'https://api.xero.com/oauth/RequestToken'; authorizeUrl := 'https://api.xero.com/oauth/Authorize'; accessTokenUrl := 'https://api.xero.com/oauth/AccessToken'; // The port number is picked at random. It's some unused port that won't likely conflict with anything else.. callbackUrl := 'http://localhost:3017/'; callbackLocalPort := 3017; // The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token http := CkHttp_Create(); CkHttp_putOAuth1(http,True); CkHttp_putOAuthConsumerKey(http,consumerKey); CkHttp_putOAuthConsumerSecret(http,consumerSecret); CkHttp_putOAuthCallback(http,callbackUrl); req := CkHttpRequest_Create(); resp := CkHttp_PostUrlEncoded(http,requestTokenUrl,req); if (CkHttp_getLastMethodSuccess(http) <> True) then begin Memo1.Lines.Add(CkHttp__lastErrorText(http)); Exit; end; // If successful, the resp.BodyStr contains something like this: // oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true Memo1.Lines.Add(CkHttpResponse__bodyStr(resp)); hashTab := CkHashtable_Create(); CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp)); requestToken := CkHashtable__lookupStr(hashTab,'oauth_token'); requestTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret'); CkHttp_putOAuthTokenSecret(http,requestTokenSecret); CkHttpResponse_Dispose(resp); Memo1.Lines.Add('oauth_token = ' + requestToken); Memo1.Lines.Add('oauth_token_secret = ' + requestTokenSecret); // --------------------------------------------------------------------------- // The next step is to form a URL to send to the authorizeUrl // This is an HTTP GET that we load into a popup browser. sbUrlForBrowser := CkStringBuilder_Create(); CkStringBuilder_Append(sbUrlForBrowser,authorizeUrl); CkStringBuilder_Append(sbUrlForBrowser,'?oauth_token='); CkStringBuilder_Append(sbUrlForBrowser,requestToken); urlForBrowser := CkStringBuilder__getAsString(sbUrlForBrowser); // When the urlForBrowser is loaded into a browser, the response from Xero will redirect back to localhost:3017 // We'll need to start a socket that is listening on port 3017 for the callback from the browser. listenSock := CkSocket_Create(); backLog := 5; success := CkSocket_BindAndListen(listenSock,callbackLocalPort,backLog); if (success <> True) then begin Memo1.Lines.Add(CkSocket__lastErrorText(listenSock)); Exit; end; // Wait for the browser's connection in a background thread. // (We'll send load the URL into the browser following this..) // Wait a max of 60 seconds before giving up. maxWaitMs := 60000; task := CkSocket_AcceptNextConnectionAsync(listenSock,maxWaitMs); CkTask_Run(task); // At this point, your application should load the URL in a browser. // For example, // in C#: System.Diagnostics.Process.Start(urlForBrowser); // in Java: Desktop.getDesktop().browse(new URI(urlForBrowser)); // in VBScript: Set wsh=WScript.CreateObject("WScript.Shell") // wsh.Run urlForBrowser // in Xojo: ShowURL(url) (see http://docs.xojo.com/index.php/ShowURL) // in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl // The Xero account owner would interactively accept or deny the authorization request. // Add the code to load the url in a web browser here... // Add the code to load the url in a web browser here... // Add the code to load the url in a web browser here... // System.Diagnostics.Process.Start(urlForBrowser); // Wait for the listenSock's task to complete. success := CkTask_Wait(task,maxWaitMs); if (not success or (CkTask_getStatusInt(task) <> 7) or (CkTask_getTaskSuccess(task) <> True)) then begin if (not success) then begin // The task.LastErrorText applies to the Wait method call. Memo1.Lines.Add(CkTask__lastErrorText(task)); end else begin // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection) Memo1.Lines.Add(CkTask__status(task)); Memo1.Lines.Add(CkTask__resultErrorText(task)); end; CkTask_Dispose(task); Exit; end; // If we get to this point, the connection from the browser arrived and was accepted. // We no longer need the listen socket... // Stop listening on port 3017. CkSocket_Close(listenSock,10); // First get the connected socket. sock := CkSocket_Create(); CkSocket_LoadTaskResult(sock,task); CkTask_Dispose(task); // Read the start line of the request.. startLine := CkSocket__receiveUntilMatch(sock,#13#10); if (CkSocket_getLastMethodSuccess(sock) <> True) then begin Memo1.Lines.Add(CkSocket__lastErrorText(sock)); Exit; end; // Read the request header. requestHeader := CkSocket__receiveUntilMatch(sock,#13#10 + #13#10); if (CkSocket_getLastMethodSuccess(sock) <> True) then begin Memo1.Lines.Add(CkSocket__lastErrorText(sock)); Exit; end; // The browser SHOULD be sending us a GET request, and therefore there is no body to the request. // Once the request header is received, we have all of it. // We can now send our HTTP response. sbResponseHtml := CkStringBuilder_Create(); CkStringBuilder_Append(sbResponseHtml,'<html><body><p>Chilkat thanks you!</b></body</html>'); sbResponse := CkStringBuilder_Create(); CkStringBuilder_Append(sbResponse,'HTTP/1.1 200 OK' + #13#10); CkStringBuilder_Append(sbResponse,'Content-Length: '); CkStringBuilder_AppendInt(sbResponse,CkStringBuilder_getLength(sbResponseHtml)); CkStringBuilder_Append(sbResponse,#13#10); CkStringBuilder_Append(sbResponse,'Content-Type: text/html' + #13#10); CkStringBuilder_Append(sbResponse,#13#10); CkStringBuilder_AppendSb(sbResponse,sbResponseHtml); CkSocket_SendString(sock,CkStringBuilder__getAsString(sbResponse)); CkSocket_Close(sock,50); // The information we need is in the startLine. // For example, the startLine will look something like this: // GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0 HTTP/1.1 sbStartLine := CkStringBuilder_Create(); CkStringBuilder_Append(sbStartLine,startLine); numReplacements := CkStringBuilder_Replace(sbStartLine,'GET /?',''); numReplacements := CkStringBuilder_Replace(sbStartLine,' HTTP/1.1',''); CkStringBuilder_Trim(sbStartLine); // oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0 Memo1.Lines.Add('startline: ' + CkStringBuilder__getAsString(sbStartLine)); CkHashtable_Clear(hashTab); CkHashtable_AddQueryParams(hashTab,CkStringBuilder__getAsString(sbStartLine)); requestToken := CkHashtable__lookupStr(hashTab,'oauth_token'); authVerifier := CkHashtable__lookupStr(hashTab,'oauth_verifier'); // ------------------------------------------------------------------------------ // Finally , we must exchange the OAuth Request Token for an OAuth Access Token. CkHttp_putOAuthToken(http,requestToken); CkHttp_putOAuthVerifier(http,authVerifier); resp := CkHttp_PostUrlEncoded(http,accessTokenUrl,req); if (CkHttp_getLastMethodSuccess(http) <> True) then begin Memo1.Lines.Add(CkHttp__lastErrorText(http)); Exit; end; // Make sure a successful response was received. if (CkHttpResponse_getStatusCode(resp) <> 200) then begin Memo1.Lines.Add(CkHttpResponse__statusLine(resp)); Memo1.Lines.Add(CkHttpResponse__header(resp)); Memo1.Lines.Add(CkHttpResponse__bodyStr(resp)); Exit; end; // If successful, the resp.BodyStr contains something like this: // oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&oauth_expires_in=1800&xero_org_muid=abcdecNhPKabcdNjz189t0 Memo1.Lines.Add(CkHttpResponse__bodyStr(resp)); CkHashtable_Clear(hashTab); CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp)); accessToken := CkHashtable__lookupStr(hashTab,'oauth_token'); accessTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret'); orgMuid := CkHashtable__lookupStr(hashTab,'xero_org_muid'); expiresIn := CkHashtable__lookupStr(hashTab,'oauth_expires_in'); CkHttpResponse_Dispose(resp); // The access token + secret is what should be saved and used for // subsequent REST API calls. Memo1.Lines.Add('Access Token = ' + accessToken); Memo1.Lines.Add('Access Token Secret = ' + accessTokenSecret); Memo1.Lines.Add('xero_org_muid = ' + orgMuid); Memo1.Lines.Add('oauth_expires_in = ' + expiresIn); // Save this access token for future calls. // Just in case we need xero_org_muid and oauth_expires_in, save those also.. json := CkJsonObject_Create(); CkJsonObject_AppendString(json,'oauth_token',accessToken); CkJsonObject_AppendString(json,'oauth_token_secret',accessTokenSecret); CkJsonObject_AppendString(json,'xero_org_muid',orgMuid); CkJsonObject_AppendString(json,'oauth_expires_in',expiresIn); fac := CkFileAccess_Create(); CkFileAccess_WriteEntireTextFile(fac,'qa_data/tokens/xero.json',CkJsonObject__emit(json),'utf-8',False); Memo1.Lines.Add('Success.'); CkHttp_Dispose(http); CkHttpRequest_Dispose(req); CkHashtable_Dispose(hashTab); CkStringBuilder_Dispose(sbUrlForBrowser); CkSocket_Dispose(listenSock); CkSocket_Dispose(sock); CkStringBuilder_Dispose(sbResponseHtml); CkStringBuilder_Dispose(sbResponse); CkStringBuilder_Dispose(sbStartLine); CkJsonObject_Dispose(json); CkFileAccess_Dispose(fac); end; |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.