(SQL Server) Get Ebay OAuth2 in a Desktop App

See more eBay Examples

Demonstrates how to get a Ebay OAuth2 access token from a desktop application or script.

There are two ways of "minting" an OAuth2 access token.

The authorization code grant flow (this example) (https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html) This is where your app will be accessing another person's eBay account. It's an interactive process and requires the account owner's permission to get the access token the 1st time. After that, it can be refreshed indefinitely without user interaction.
The client credentials grant flow (https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html) This is where you access your own eBay account. It's non-interactive and you can do it in automated services where user-interaction is not possible.

For more information, see https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html

Chilkat ActiveX Downloads

ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @oauth2 int
    -- Use "Chilkat_9_5_0.OAuth2" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.OAuth2', @oauth2 OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @success int

    -- See the Ebay documentation about Access token types
    -- Also see the Ebay documentation about authorization code grant flow

    -- Ebay OAuth2 only allows for SSL/TLS with localhost redirect URLs (i.e. https://localhost:<portNumber>/)
    -- 
    -- We want the access token to come back to your desktop app, but without TLS (the redirect from your local browser to 
    -- your application does not traverse a network (both are on localhost), and therefore no TLS is necessary).
    -- To get around the https problem, you'll need to script
    -- on your web server to respond with it's own redirect.  Think of it this way:  If Ebay won't redirect to http://localhost:<portNumber>,
    -- then just setup a web server script that will send a redirect response to http://localhost:<portNumber>

    -- This script can be written in C#, PHP, or whatever desired.  It must include the query string in the redirection.
    -- For example, in PHP your script would look like this:

    -- <?php
    --   header( 'Location: http://localhost:3017?' . $_SERVER['QUERY_STRING'] );
    -- ?>

    -- Ebay is odd in that it wants the redirect URL indirectly.
    -- You need to provide the RuName (eBay Redirect URL name)
    EXEC sp_OASetProperty @oauth2, 'AppCallbackUrl', 'Chilkat_Softwar-ChilkatS-chilka-qydjs'
    EXEC sp_OASetProperty @oauth2, 'ListenPort', 3017

    EXEC sp_OASetProperty @oauth2, 'AuthorizationEndpoint', 'https://auth.sandbox.ebay.com/oauth2/authorize'
    EXEC sp_OASetProperty @oauth2, 'TokenEndpoint', 'https://api.sandbox.ebay.com/identity/v1/oauth2/token'

    -- Replace these with actual values.
    EXEC sp_OASetProperty @oauth2, 'ClientId', 'EBAY_CLIENT_ID'
    EXEC sp_OASetProperty @oauth2, 'ClientSecret', 'EBAY_CLIENT_SECRET'
    EXEC sp_OASetProperty @oauth2, 'UseBasicAuth', 1
    EXEC sp_OASetProperty @oauth2, 'CodeChallenge', 0

    -- The scope query param indicates the access to be provided by the token.
    -- Multiple scopes can be specified by separating each with a SPACE char.
    -- See the Ebay OAuth scopes documentation

    EXEC sp_OASetProperty @oauth2, 'Scope', 'https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/buy.order.readonly https://api.ebay.com/oauth/api_scope/buy.guest.order https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly https://api.ebay.com/oauth/api_scope/sell.marketplace.insights.readonly https://api.ebay.com/oauth/api_scope/commerce.catalog.readonly https://api.ebay.com/oauth/api_scope/buy.shopping.cart https://api.ebay.com/oauth/api_scope/buy.offer.auction'

    -- Begin the OAuth2 three-legged flow.  This returns a URL that should be loaded in a browser.
    DECLARE @url nvarchar(4000)
    EXEC sp_OAMethod @oauth2, 'StartAuth', @url OUT
    EXEC sp_OAGetProperty @oauth2, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN
        EXEC sp_OAGetProperty @oauth2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END


    PRINT 'url = ' + @url

    -- At this point, your application should load the URL in a browser.
    -- For example, 
    -- in C#: System.Diagnostics.Process.Start(url);
    -- in Java: Desktop.getDesktop().browse(new URI(url));
    -- in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
    --              wsh.Run url
    -- in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
    -- in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
    -- The Ebay account owner would interactively accept or deny the authorization request.

    -- Add the code to load the url in a web browser here...
    -- Add the code to load the url in a web browser here...
    -- Add the code to load the url in a web browser here...

    -- Now wait for the authorization.
    -- We'll wait for a max of 60 seconds.
    DECLARE @numMsWaited int
    SELECT @numMsWaited = 0
    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    WHILE (@numMsWaited < 60000) and (@iTmp0 < 3)
      BEGIN
        EXEC sp_OAMethod @oauth2, 'SleepMs', NULL, 100
        SELECT @numMsWaited = @numMsWaited + 100
      END

    -- If there was no response from the browser within 60 seconds, then 
    -- the AuthFlowState will be equal to 1 or 2.
    -- 1: Waiting for Redirect. The OAuth2 background thread is waiting to receive the redirect HTTP request from the browser.
    -- 2: Waiting for Final Response. The OAuth2 background thread is waiting for the final access token response.
    -- In that case, cancel the background task started in the call to StartAuth.
    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 < 3
      BEGIN
        EXEC sp_OAMethod @oauth2, 'Cancel', @success OUT

        PRINT 'No response from the browser!'
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    -- Check the AuthFlowState to see if authorization was granted, denied, or if some error occurred
    -- The possible AuthFlowState values are:
    -- 3: Completed with Success. The OAuth2 flow has completed, the background thread exited, and the successful JSON response is available in AccessTokenResponse property.
    -- 4: Completed with Access Denied. The OAuth2 flow has completed, the background thread exited, and the error JSON is available in AccessTokenResponse property.
    -- 5: Failed Prior to Completion. The OAuth2 flow failed to complete, the background thread exited, and the error information is available in the FailureInfo property.
    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 = 5
      BEGIN

        PRINT 'OAuth2 failed to complete.'
        EXEC sp_OAGetProperty @oauth2, 'FailureInfo', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 = 4
      BEGIN

        PRINT 'OAuth2 authorization was denied.'
        EXEC sp_OAGetProperty @oauth2, 'AccessTokenResponse', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 <> 3
      BEGIN

        EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
        PRINT 'Unexpected AuthFlowState:' + @iTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    -- Save the full JSON access token response to a file.
    DECLARE @sbJson int
    -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJson OUT

    EXEC sp_OAGetProperty @oauth2, 'AccessTokenResponse', @sTmp0 OUT
    EXEC sp_OAMethod @sbJson, 'Append', @success OUT, @sTmp0
    EXEC sp_OAMethod @sbJson, 'WriteFile', @success OUT, 'qa_data/tokens/ebay-access-token.json', 'utf-8', 0

    -- The full JSON received looks like this:
    -- {
    --   "access_token": "v^1.1#i^1#p^3#f^0#I^3#r^0#t^H4sIAAA... 3+fBIAAA==",
    --   "expires_in": 7200,
    --   "refresh_token": "v^1.1#i^1#f^0#p^3#r^1#I^3#t^Ul4xMF8wOkIxQzAzQjg1ND ... fMSNFXjEyODQ=",
    --   "refresh_token_expires_in": 47304000,
    --   "token_type": "User Access Token"
    -- }


    PRINT 'OAuth2 authorization granted!'

    EXEC sp_OAGetProperty @oauth2, 'AccessToken', @sTmp0 OUT
    PRINT 'Access Token = ' + @sTmp0

    EXEC @hr = sp_OADestroy @oauth2
    EXEC @hr = sp_OADestroy @sbJson


END
GO