Tags: node.js, express, oauth, intuit-partner-platform

Confusion with Intuit OAuth authorisation flow: how do I extract the auth code and exchange it for tokens?


I'm building a React-Node application to access QuickBooks APIs, and my first step is to set up the authorisation flow from my node backend, using the intuit-oauth library. I'm using the OAuth2.0-demo-nodejs sample app as my template (https://github.com/IntuitDeveloper/OAuth2.0-demo-nodejs).

So the first step is to create an authorisation request. Instead of building UI where users enter their details, I've hardcoded in my app's keys:

const express = require("express");
const OAuthClient = require("intuit-oauth");

const app = express();
const urlencodedParser = express.urlencoded({ extended: false });
let oauthClient; // shared so that /callback can reuse the same client instance

app.get("/authUri", urlencodedParser, (req, res) => {
  oauthClient = new OAuthClient({
    clientId: "*****",
    clientSecret: "*****",
    environment: "sandbox",
    redirectUri: "http://localhost:8000/callback",
  });

  // Build the URL the user must visit to grant access; `state` is echoed back
  // on the callback and should be compared against this value there.
  const authUri = oauthClient.authorizeUri({
    scope: [OAuthClient.scopes.Accounting],
    state: "intuit-test",
  });
  res.send(`this is authUri: ${authUri}`);
});

This code is working as it should and is returning authUri. However, what to do next is confusing me. The documentation says that I should receive back an authorisation code which then needs to be converted into a token, and in the sample app, the code to perform this is as follows:

let oauth2_token_json; // holds the serialised token response once the exchange completes

app.get('/callback', function(req, res) {
    // req.url carries ?code=...&state=...&realmId=...; createToken parses it
    // and POSTs the code to the token endpoint.
    oauthClient.createToken(req.url)
        .then(function(authResponse) {
            oauth2_token_json = JSON.stringify(authResponse.getJson(), null, 2);
        })
        .catch(function(e) {
            console.error(e);
        });

    // As in the sample app, the response is sent before the exchange finishes.
    res.send('');
});

I've also read in the documentation that I need to redirect users to an authorisation page, create a UI that initiates a redirect, and then get the authorisation code (https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0). So I vaguely understand this but am having trouble knowing where to start after sending the authorization request. Suggestions?


Solution

  • In the OAuth 2.0 Authorization Code flow, after initiating the authorization request, the end user gets redirected to the login page and enters his credentials. Then he gets redirected to the callback_uri (redirect_uri) with the code parameter. After that, you have to make a POST request to the /token endpoint and send the code. When all goes correctly you get an AccessToken.

    Authorization Code Grant