Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(CkPython) Xero OAuth1 Authorization (3-legged)Demonstrates 3-legged OAuth1 authorization for Xero
import sys import chilkat consumerKey = "XERO_CONSUMER_KEY" consumerSecret = "XERO_CONSUMER_SECRET" requestTokenUrl = "https://api.xero.com/oauth/RequestToken" authorizeUrl = "https://api.xero.com/oauth/Authorize" accessTokenUrl = "https://api.xero.com/oauth/AccessToken" # The port number is picked at random. It's some unused port that won't likely conflict with anything else.. callbackUrl = "http://localhost:3017/" callbackLocalPort = 3017 # The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token http = chilkat.CkHttp() http.put_OAuth1(True) http.put_OAuthConsumerKey(consumerKey) http.put_OAuthConsumerSecret(consumerSecret) http.put_OAuthCallback(callbackUrl) req = chilkat.CkHttpRequest() # resp is a CkHttpResponse resp = http.PostUrlEncoded(requestTokenUrl,req) if (http.get_LastMethodSuccess() != True): print(http.lastErrorText()) sys.exit() # If successful, the resp.BodyStr contains something like this: # oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true print(resp.bodyStr()) hashTab = chilkat.CkHashtable() hashTab.AddQueryParams(resp.bodyStr()) requestToken = hashTab.lookupStr("oauth_token") requestTokenSecret = hashTab.lookupStr("oauth_token_secret") http.put_OAuthTokenSecret(requestTokenSecret) print("oauth_token = " + requestToken) print("oauth_token_secret = " + requestTokenSecret) # --------------------------------------------------------------------------- # The next step is to form a URL to send to the authorizeUrl # This is an HTTP GET that we load into a popup browser. sbUrlForBrowser = chilkat.CkStringBuilder() sbUrlForBrowser.Append(authorizeUrl) sbUrlForBrowser.Append("?oauth_token=") sbUrlForBrowser.Append(requestToken) urlForBrowser = sbUrlForBrowser.getAsString() # When the urlForBrowser is loaded into a browser, the response from Xero will redirect back to localhost:3017 # We'll need to start a socket that is listening on port 3017 for the callback from the browser. listenSock = chilkat.CkSocket() backLog = 5 success = listenSock.BindAndListen(callbackLocalPort,backLog) if (success != True): print(listenSock.lastErrorText()) sys.exit() # Wait for the browser's connection in a background thread. # (We'll send load the URL into the browser following this..) # Wait a max of 60 seconds before giving up. maxWaitMs = 60000 # task is a CkTask task = listenSock.AcceptNextConnectionAsync(maxWaitMs) task.Run() # At this point, your application should load the URL in a browser. # For example, # in C#: System.Diagnostics.Process.Start(urlForBrowser); # in Java: Desktop.getDesktop().browse(new URI(urlForBrowser)); # in VBScript: Set wsh=WScript.CreateObject("WScript.Shell") # wsh.Run urlForBrowser # in Xojo: ShowURL(url) (see http://docs.xojo.com/index.php/ShowURL) # in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl # The Xero account owner would interactively accept or deny the authorization request. # Add the code to load the url in a web browser here... # Add the code to load the url in a web browser here... # Add the code to load the url in a web browser here... # System.Diagnostics.Process.Start(urlForBrowser); # Wait for the listenSock's task to complete. success = task.Wait(maxWaitMs) if (not success or (task.get_StatusInt() != 7) or (task.get_TaskSuccess() != True)): if (not success): # The task.LastErrorText applies to the Wait method call. print(task.lastErrorText()) else: # The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection) print(task.status()) print(task.resultErrorText()) sys.exit() # If we get to this point, the connection from the browser arrived and was accepted. # We no longer need the listen socket... # Stop listening on port 3017. listenSock.Close(10) # First get the connected socket. sock = chilkat.CkSocket() sock.LoadTaskResult(task) # Read the start line of the request.. startLine = sock.receiveUntilMatch("\r\n") if (sock.get_LastMethodSuccess() != True): print(sock.lastErrorText()) sys.exit() # Read the request header. requestHeader = sock.receiveUntilMatch("\r\n\r\n") if (sock.get_LastMethodSuccess() != True): print(sock.lastErrorText()) sys.exit() # The browser SHOULD be sending us a GET request, and therefore there is no body to the request. # Once the request header is received, we have all of it. # We can now send our HTTP response. sbResponseHtml = chilkat.CkStringBuilder() sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>") sbResponse = chilkat.CkStringBuilder() sbResponse.Append("HTTP/1.1 200 OK\r\n") sbResponse.Append("Content-Length: ") sbResponse.AppendInt(sbResponseHtml.get_Length()) sbResponse.Append("\r\n") sbResponse.Append("Content-Type: text/html\r\n") sbResponse.Append("\r\n") sbResponse.AppendSb(sbResponseHtml) sock.SendString(sbResponse.getAsString()) sock.Close(50) # The information we need is in the startLine. # For example, the startLine will look something like this: # GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0 HTTP/1.1 sbStartLine = chilkat.CkStringBuilder() sbStartLine.Append(startLine) numReplacements = sbStartLine.Replace("GET /?","") numReplacements = sbStartLine.Replace(" HTTP/1.1","") sbStartLine.Trim() # oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0 print("startline: " + sbStartLine.getAsString()) hashTab.Clear() hashTab.AddQueryParams(sbStartLine.getAsString()) requestToken = hashTab.lookupStr("oauth_token") authVerifier = hashTab.lookupStr("oauth_verifier") # ------------------------------------------------------------------------------ # Finally , we must exchange the OAuth Request Token for an OAuth Access Token. http.put_OAuthToken(requestToken) http.put_OAuthVerifier(authVerifier) # resp is a CkHttpResponse resp = http.PostUrlEncoded(accessTokenUrl,req) if (http.get_LastMethodSuccess() != True): print(http.lastErrorText()) sys.exit() # Make sure a successful response was received. if (resp.get_StatusCode() != 200): print(resp.statusLine()) print(resp.header()) print(resp.bodyStr()) sys.exit() # If successful, the resp.BodyStr contains something like this: # oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&oauth_expires_in=1800&xero_org_muid=abcdecNhPKabcdNjz189t0 print(resp.bodyStr()) hashTab.Clear() hashTab.AddQueryParams(resp.bodyStr()) accessToken = hashTab.lookupStr("oauth_token") accessTokenSecret = hashTab.lookupStr("oauth_token_secret") orgMuid = hashTab.lookupStr("xero_org_muid") expiresIn = hashTab.lookupStr("oauth_expires_in") # The access token + secret is what should be saved and used for # subsequent REST API calls. print("Access Token = " + accessToken) print("Access Token Secret = " + accessTokenSecret) print("xero_org_muid = " + orgMuid) print("oauth_expires_in = " + expiresIn) # Save this access token for future calls. # Just in case we need xero_org_muid and oauth_expires_in, save those also.. json = chilkat.CkJsonObject() json.AppendString("oauth_token",accessToken) json.AppendString("oauth_token_secret",accessTokenSecret) json.AppendString("xero_org_muid",orgMuid) json.AppendString("oauth_expires_in",expiresIn) fac = chilkat.CkFileAccess() fac.WriteEntireTextFile("qa_data/tokens/xero.json",json.emit(),"utf-8",False) print("Success.") |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.