Oauth Workflow for Quickbooks App

bsbechtel · December 10, 2015, 8:23pm

I’ve spent the majority of the day researching Oauth, and how to connect Quickbooks with my app. This is an internal company app I want to connect with our company’s Quickbooks account in order to automate much of our accounting workflow.

I have a pretty good idea of what I need to do, but I’m not really sure what APIs I need in order to do it. My guess is they are part of the core… @sashko, it looks like you have worked on quite a few of the Oauth packages, so if you could point me in the right direction, that would be a huge help. I am guessing I need to add Oauth to my project, but I’m not sure about any others.

Quickbooks uses Oauth 1.0, and I plan/am hoping to use the node-quickbooks npm package to access the API. However, I’m not really having any luck translating the node-quickbooks authentication example to Meteor. There is a Quickbooks atmosphere package, but little documentation around it and it appears to no longer be maintained.

From what I gathered today, I need to implement a multi-step request/response workflow with several Quickbooks URLS to:

Generate a request token when the user clicks a ‘connect to quickbooks’ button
Process request token on my server, and redirect user to a Quickbooks app authorization page
When user authorizes app, save an oauth_token, oauth_token_secret, and realmid on my server (preferably encrypted?).
Create a new Quickbooks object using all of Oauth’s keys provided to me.

Any resources that can help in learning more about how Meteor handles Oauth would be a great help. Thank you!

lucfranken · December 10, 2015, 8:30pm

In the current version 1.2 of Meteor you have to wrap the NPM package if you want to use that which seems to make sense in this case. If you Google on that you will find some more info on how to do that. https://www.discovermeteor.com/blog/wrapping-npm-packages/

In 1.3 it seems NPM packages can be used native which makes things much easier. So it might be interesting to research that a bit more before investing too much time in wrapping.

Interesting examples of oauth can be found in the core packages: https://github.com/meteor/meteor/tree/devel/packages/twitter
Be aware that there are 2 packages: twitter and accounts-twitter. Same as with google etcetera. But first I would focus on that NPM package since that one seems to be very well maintained and might save you lots of time.

sashko · December 10, 2015, 8:31pm

This is hilarious - I was literally just working on the accounts guide article today. Unfortunately I don’t know as much about implementing a custom login service on top of the oauth packages as it may seem.

@robfallows seems to have experience doing this: https://github.com/meteor/guide/issues/35#issuecomment-149536321

I really want to write a short part of the guide about how to do this, let’s see if we can work it out together.

sashko · December 10, 2015, 8:32pm

I’d guess that the oauth1 package would be a good starting point, but it’s not really documented at all: https://github.com/meteor/meteor/tree/devel/packages/oauth1

lucfranken · December 10, 2015, 8:43pm

yup that documentation still it’s doable to use them. It’s oAuth which is always way too complex.

@bsbechtel

github.com

mcohen01/node-quickbooks/blob/master/example/app.js

var http       = require('http'),
    port       = process.env.PORT || 3000,
    request    = require('request'),
    qs         = require('querystring'),
    util       = require('util'),
    bodyParser = require('body-parser'),
    cookieParser = require('cookie-parser'),
    session    = require('express-session'),
    express    = require('express'),
    app        = express(),
    QuickBooks = require('../index')


// Generic Express config
app.set('port', port)
app.set('views', 'views')
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}))
app.use(cookieParser('brad'))
app.use(session({resave: false, saveUninitialized: false, secret: 'smith'}));

This file has been truncated. show original

This example seems to indicate you need to implement a few routes with some calls to get a token you can use for the requests.

BUT

Before spending time on this stuff: You need to understand the direction. If I read your businesscase you might want to do just server - server communications. In that case you need to work on behalf of the user.

The Meteor accounts packages are more for single sign on like here:
https://developer.intuit.com/docs/0050_quickbooks_api/0020_authentication_and_authorization/0010_single_sign-on_overview

bsbechtel · December 10, 2015, 8:44pm

So I used meteorhacks:npm to include the node-quickbooks package, so when 1.3 comes out, it should be pretty easy to change that. As far as the Oauth goes though, I just want to connect to Quickbooks, so no Quickbooks accounts are necessary. @lucfranken, I was looking at the Facebook package, but couldn’t make sense of it, although I saw mentioned elsewhere Twitter was simpler, so maybe it’s better to start there.

@sashko, I’d be happy to help out where I can. I think the Oauth core package sits on top of oauth1, but I could be wrong. I think I might need the service-configuration package too?

bsbechtel · December 10, 2015, 8:49pm

Before spending time on this stuff: You need to understand the
direction. If I read your businesscase you might want to do just server -
server communications. In that case you need to work on behalf of the
user.

Yes We have one Quickbooks we want to connect to (our company’s), and we then want to use the API to do things such as send invoices, pay employees, etc. Here is the Quickbooks recipe I believe I want to follow: https://developer.intuit.com/docs/0150_payments/0060_authentication_and_authorization/connect_from_within_your_app I just can’t figure out how to do it in Meteor.

lucfranken · December 10, 2015, 8:53pm

No idea if it’s right:

They say you have some tool where you might get an access token for 150 days. That might, if true, save you from implementing oauth. It would work if you could enter that code here:

github.com

mcohen01/node-quickbooks/blob/master/example/app.js#L69


  oauth: {
    consumer_key:    consumerKey,
    consumer_secret: consumerSecret,
    token:           req.query.oauth_token,
    token_secret:    req.session.oauth_token_secret,
    verifier:        req.query.oauth_verifier,
    realmId:         req.query.realmId
  }
}
request.post(postBody, function (e, r, data) {
  var accessToken = qs.parse(data)
  console.log(accessToken)
  console.log(postBody.oauth.realmId)


  // save the access token somewhere on behalf of the logged in user
  qbo = new QuickBooks(consumerKey,
                       consumerSecret,
                       accessToken.oauth_token,
                       accessToken.oauth_token_secret,
                       postBody.oauth.realmId,
                       true, // use the Sandbox

bsbechtel · December 10, 2015, 8:59pm

That’s an interesting hack, though it might work (at least for development purposes). I’ll look into it a little further. Thanks!

bsbechtel · December 10, 2015, 10:25pm

@lucfranken, your suggestion got it working I ended up running the app.js example from the node-quickbooks package, and putting the oauth token and oauth token secret in my settings file. Then I just created a new Quickbooks object with the variables. This will at the very least help me keep moving forward on the development side of things until it’s time to ship. Once it goes into production, I’ll have to at the very least implement the renew method that Quickbooks provides to keep the token and token secret up to date. Many thanks!

lucfranken · December 13, 2015, 9:09am

Good to hear, good luck with your project!