Context: I integrated a Node.js Smartsheet OAuth flow into my Django app by having the login button in Django direct the user to the /auth url on the Node server. Once the flow is done and user logs in through Smartsheet, the redirect URL from the Smartsheet dev tools takes the user back to the Django website.
Objective: I am trying to access the user data, so that before they log in a variable called user = undefined, and after they log in the variable called user is an object with a set of user data that comes from the Smartsheet API. This object would include: id, email, first name, last name, etc...
I have tried a few approaches:
Am I missing something obvious? How do I best grab user data from the user who has just logged in? I want to display their username for them, as well as mark their username to changes they make to the smartsheet files from the app.
Thanks for the help!
After the user chooses Allow in the popup dialog during the OAuth flow, Smartsheet redirects to the callback URL you specified, and includes a few query string parameters on the end of the callback URL. One of those parameters is the `code` parameter, a string value that you can subsequently use to obtain an API access token for that user.
For example, let's assume that this is the URL that the user is redirected to after they choose Allow in the popup dialog:
http://localhost:3000/callback?code=sample6p9qisx6a&expires_in=599080&state=MY_STATE
In this example, the value of the `code` parameter is `sample6p9qisx6a`.
At this point, you can issue a `POST /token` request to get an API access token for the user. The Request an Access Token section of the API docs describes how to issue this request. Notice that one of the parameters it requires is `code` -- set to the value of the `code` query string parameter received previously in the callback URL.
A successful response to the `POST /token` request will contain the property `access_token` as shown in this example:
```json
{
  "token": {
    "access_token": "ll352u9jujauoqz4gstvsae05",
    "token_type": "bearer",
    "refresh_token": "e9x352a9mp4151le2505",
    "expires_in": 604799
  }
}
```
At this point, you can use the access token to issue a Get Current User request: `GET users/me`. Note that the access token is specified as part of the request's `Authorization` header, in this format (note: you'll replace the token `ll352...` in this example with the actual value of the `access_token` property you received in response to your previous `POST /token` request):

```
Authorization: Bearer ll352u9jujauoqz4gstvsae05
```
A successful response to the Get Current User request will be a UserProfile object that contains all info about the user:
```json
{
  "id": 48569348493401200,
  "email": "[email protected]",
  "firstName": "John",
  "lastName": "Doe",
  "locale": "en_US",
  "timeZone": "US/Pacific",
  "account": {
    "name": "Team Smartsheet",
    "id": 942513719853956
  },
  "admin": true,
  "licensedSheetCreator": true,
  "groupAdmin": true,
  "resourceViewer": true,
  "jiraAdmin": false,
  "salesforceAdmin": false,
  "salesforceUser": false,
  "alternateEmails": [
    {
      "id": 12345,
      "email": "[email protected]",
      "confirmed": true
    }
  ],
  "title": "Senior Sales Representative",
  "department": "Marketing",
  "company": "Smartsheet",
  "workPhone": "",
  "mobilePhone": "206 123-4567",
  "role": "Sales",
  "profileImage": {
    "imageId": "u!1!8ljad7w9-aY!AsDeH0wWv1Y!y9VvAgUOFdg",
    "height": 1050,
    "width": 1050
  },
  "sheetCount": 3,
  "lastLogin": "2016-08-15T18:32:47Z",
  "customWelcomeScreenViewed": "2016-08-12T12:15:47Z"
}
```