(Unicode C++) Quickbooks OAuth1 Authorization (3-legged)

Demonstrates 3-legged OAuth1 authorization for Quickbooks.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <CkHttpW.h>
#include <CkHttpRequestW.h>
#include <CkHttpResponseW.h>
#include <CkHashtableW.h>
#include <CkStringBuilderW.h>
#include <CkSocketW.h>
#include <CkTaskW.h>
#include <CkJsonObjectW.h>
#include <CkFileAccessW.h>

void ChilkatSample(void)
    {
    const wchar_t *consumerKey = L"QUICKBOOKS_CONSUMER_KEY";
    const wchar_t *consumerSecret = L"QUICKBOOKS_CONSUMER_SECRET";

    const wchar_t *requestTokenUrl = L"https://oauth.intuit.com/oauth/v1/get_request_token";
    const wchar_t *authorizeUrl = L"https://appcenter.intuit.com/Connect/Begin";
    const wchar_t *accessTokenUrl = L"https://oauth.intuit.com/oauth/v1/get_access_token";

    // The port number is picked at random. It's some unused port that won't likely conflict with anything else..
    const wchar_t *callbackUrl = L"http://localhost:3017/";
    int callbackLocalPort = 3017;

    // The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
    CkHttpW http;
    bool success;

    http.put_OAuth1(true);
    http.put_OAuthConsumerKey(consumerKey);
    http.put_OAuthConsumerSecret(consumerSecret);
    http.put_OAuthCallback(callbackUrl);

    CkHttpRequestW req;
    CkHttpResponseW *resp = http.PostUrlEncoded(requestTokenUrl,req);
    if (http.get_LastMethodSuccess() != true) {
        wprintf(L"%s\n",http.lastErrorText());
        return;
    }

    if (resp->get_StatusCode() >= 400) {
        wprintf(L"Error response status code = %d\n",resp->get_StatusCode());
        wprintf(L"%s\n",resp->bodyStr());
        return;
    }

    // If successful, the resp.BodyStr contains this:  
    // oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
    wprintf(L"%s\n",resp->bodyStr());

    CkHashtableW hashTab1;
    hashTab1.AddQueryParams(resp->bodyStr());

    const wchar_t *requestToken = hashTab1.lookupStr(L"oauth_token");
    const wchar_t *requestTokenSecret = hashTab1.lookupStr(L"oauth_token_secret");
    http.put_OAuthTokenSecret(requestTokenSecret);

    delete resp;

    wprintf(L"oauth_token = %s\n",requestToken);
    wprintf(L"oauth_token_secret = %s\n",requestTokenSecret);

    // ---------------------------------------------------------------------------
    // The next step is to form a URL to send to the AuthorizeUrl
    // This is an HTTP GET that we load into a popup browser.
    CkStringBuilderW sbUrlForBrowser;
    sbUrlForBrowser.Append(authorizeUrl);
    sbUrlForBrowser.Append(L"?oauth_token=");
    sbUrlForBrowser.Append(requestToken);
    const wchar_t *urlForBrowser = sbUrlForBrowser.getAsString();

    // When the urlForBrowser is loaded into a browser, the response from Quickbooks will redirect back to localhost:3017
    // We'll need to start a socket that is listening on port 3017 for the callback from the browser.
    CkSocketW listenSock;

    int backLog = 5;
    success = listenSock.BindAndListen(callbackLocalPort,backLog);
    if (success != true) {
        wprintf(L"%s\n",listenSock.lastErrorText());
        return;
    }

    // Wait for the browser's connection in a background thread.
    // (We'll send load the URL into the browser following this..)
    // Wait a max of 60 seconds before giving up.
    int maxWaitMs = 60000;
    CkTaskW *task = listenSock.AcceptNextConnectionAsync(maxWaitMs);
    task->Run();

    //  At this point, your application should load the URL in a browser.
    //  For example,
    //  in C#:  System.Diagnostics.Process.Start(urlForBrowser);
    //  in Java: Desktop.getDesktop().browse(new URI(urlForBrowser));
    //  in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
    //               wsh.Run urlForBrowser
    // in Xojo: ShowURL(url)  (see http://docs.xojo.com/index.php/ShowURL)
    // in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl        
    //  The Quickbooks account owner would interactively accept or deny the authorization request.

    //  Add the code to load the url in a web browser here...
    //  Add the code to load the url in a web browser here...
    //  Add the code to load the url in a web browser here...
    // System.Diagnostics.Process.Start(urlForBrowser);

    // Wait for the listenSock's task to complete.
    success = task->Wait(maxWaitMs);
    if (!success || (task->get_StatusInt() != 7) || (task->get_TaskSuccess() != true)) {
        if (!success) {
            // The task.LastErrorText applies to the Wait method call.
            wprintf(L"%s\n",task->lastErrorText());
        }
        else {
            // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
            wprintf(L"%s\n",task->status());
            wprintf(L"%s\n",task->resultErrorText());
        }

        delete task;
        return;
    }

    // If we get to this point, the connection from the browser arrived and was accepted.

    // We no longer need the listen socket...
    // Close it so that it's no longer listening on port 3017.
    listenSock.Close(10);

    // The first thing to do is to get the connected socket.
    CkSocketW sock;
    sock.LoadTaskResult(*task);
    delete task;

    // Read the start line of the request..
    const wchar_t *startLine = sock.receiveUntilMatch(L"\r\n");
    if (sock.get_LastMethodSuccess() != true) {
        wprintf(L"%s\n",sock.lastErrorText());
        return;
    }

    // Read the request header.
    const wchar_t *requestHeader = sock.receiveUntilMatch(L"\r\n\r\n");
    if (sock.get_LastMethodSuccess() != true) {
        wprintf(L"%s\n",sock.lastErrorText());
        return;
    }

    // The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
    // Once the request header is received, we have all of it.
    // We can now send our HTTP response.
    CkStringBuilderW sbResponseHtml;
    sbResponseHtml.Append(L"<html><body><p>Chilkat thanks you!</b></body</html>");

    CkStringBuilderW sbResponse;
    sbResponse.Append(L"HTTP/1.1 200 OK\r\n");
    sbResponse.Append(L"Content-Length: ");
    sbResponse.AppendInt(sbResponseHtml.get_Length());
    sbResponse.Append(L"\r\n");
    sbResponse.Append(L"Content-Type: text/html\r\n");
    sbResponse.Append(L"\r\n");
    sbResponse.AppendSb(sbResponseHtml);

    sock.SendString(sbResponse.getAsString());
    sock.Close(50);

    // The information we need is in the startLine.
    // For example, the startLine will look like this:
    //  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
    CkStringBuilderW sbStartLine;
    sbStartLine.Append(startLine);
    int numReplacements = sbStartLine.Replace(L"GET /?",L"");
    numReplacements = sbStartLine.Replace(L" HTTP/1.1",L"");
    sbStartLine.Trim();

    // oauth_token=qyprdP04IrTDIXtP1HRZz0geQdjXHVlGDxXPexlXZsjZNRcY&oauth_verifier=arx5pj5&realmId=193514465596199&dataSource=QBO
    wprintf(L"startline: %s\n",sbStartLine.getAsString());

    hashTab1.Clear();
    hashTab1.AddQueryParams(sbStartLine.getAsString());

    requestToken = hashTab1.lookupStr(L"oauth_token");
    const wchar_t *authVerifier = hashTab1.lookupStr(L"oauth_verifier");

    // ------------------------------------------------------------------------------
    // Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

    http.put_OAuthToken(requestToken);
    http.put_OAuthVerifier(authVerifier);
    resp = http.PostUrlEncoded(accessTokenUrl,req);
    if (http.get_LastMethodSuccess() != true) {
        wprintf(L"%s\n",http.lastErrorText());
        return;
    }

    // Make sure a successful response was received.
    if (resp->get_StatusCode() != 200) {
        wprintf(L"%s\n",resp->statusLine());
        wprintf(L"%s\n",resp->header());
        wprintf(L"%s\n",resp->bodyStr());
        return;
    }

    // If successful, the resp.BodyStr contains something like this:
    // oauth_token=12347455-ffffrrlaBdCjbdGfyjZabcdb5APNtuTPNabcdEpp&oauth_token_secret=RxxxxJ8mTzUhwES4xxxxuJyFWDN8ZfHmrabcddh88LmWE
    wprintf(L"%s\n",resp->bodyStr());

    CkHashtableW hashTab2;
    hashTab2.AddQueryParams(resp->bodyStr());

    const wchar_t *accessToken = hashTab2.lookupStr(L"oauth_token");
    const wchar_t *accessTokenSecret = hashTab2.lookupStr(L"oauth_token_secret");

    delete resp;

    // The access token + secret is what should be saved and used for
    // subsequent REST API calls.
    wprintf(L"Access Token = %s\n",accessToken);
    wprintf(L"Access Token Secret = %s\n",accessTokenSecret);

    // Save this access token for future calls.
    CkJsonObjectW json;
    json.AppendString(L"oauth_token",accessToken);
    json.AppendString(L"oauth_token_secret",accessTokenSecret);

    // Also save the realmId and dataSource from hashTab1.
    const wchar_t *realmId = hashTab1.lookupStr(L"realmId");
    wprintf(L"realmId = %s\n",realmId);
    const wchar_t *dataSource = hashTab1.lookupStr(L"dataSource");
    wprintf(L"dataSource = %s\n",dataSource);

    json.AppendString(L"realmId",realmId);
    json.AppendString(L"dataSource",dataSource);

    CkFileAccessW fac;
    fac.WriteEntireTextFile(L"qa_data/tokens/quickbooks.json",json.emit(),L"utf-8",false);

    wprintf(L"Success.\n");
    }