130 lines
5.1 KiB
C#
130 lines
5.1 KiB
C#
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
|
|
|
|
namespace qbridge.Controllers
|
|
{
|
|
[Route("[controller]")]
|
|
[ApiController]
|
|
[Produces("application/json")]
|
|
public class OAuthRedirectController : ControllerBase
|
|
{
|
|
|
|
|
|
/*
|
|
|
|
QB Online developer account login creds for sandbox:
|
|
|
|
login: support@ayanova.com
|
|
pw: i8BREAKfast!
|
|
|
|
|
|
Development tokens for QBOI oAuth2 "AyaNova_QBOI_2"
|
|
|
|
https://developer.intuit.com/v2/ui#/app/appdetail/b7urd26wgx/b7urd26xgp/keys
|
|
|
|
ClientID
|
|
ABj70Wv5gDauFd9KgKFwuvpQjfzTwEgodEG8tnBbS8mSQhNrZJ
|
|
|
|
Client Secret
|
|
XUmJyvEcEuwQuyhARUAm0a8G3gzbEAeMiATCLyFZ
|
|
|
|
|
|
Sandbox:
|
|
https://c50.sandbox.qbo.intuit.com/app/homepage
|
|
sandbox company_us_1
|
|
sandbox-quickbooks.api.intuit.com
|
|
*/
|
|
public OAuthRedirectController()
|
|
{
|
|
|
|
}
|
|
|
|
// Redirect endpoint
|
|
//Step 4 here: https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/openid-connect
|
|
[HttpGet]
|
|
public IActionResult Get([FromQuery]string state, [FromQuery]string code)
|
|
{
|
|
//https://localhost:5001/oauthredirect?state=bar&code=foo
|
|
return Content($"State: {state}, Code: {code}");
|
|
}
|
|
|
|
[HttpGet("Start")]
|
|
public IActionResult Get()
|
|
{
|
|
string url = string.Empty;
|
|
var queryParams = new Dictionary<string, string>()
|
|
{
|
|
{"client_id", "ABj70Wv5gDauFd9KgKFwuvpQjfzTwEgodEG8tnBbS8mSQhNrZJ" },
|
|
{"scope", "openid" },
|
|
{"redirect_uri","https://localhost:5001/OAuthRedirect" },
|
|
{"response_type","code"},
|
|
{"state","MyUniqueStateID"}
|
|
};
|
|
|
|
url = Microsoft.AspNetCore.WebUtilities.QueryHelpers.AddQueryString("https://appcenter.intuit.com/connect/oauth2", queryParams);
|
|
// return Content($"AuthUrl: {url}");
|
|
return Redirect(url);
|
|
|
|
//will ask for login creds and permission then will redirect back to the Get method above with:
|
|
//State: MyUniqueStateID, Code: AB11569366500tshFDRPEuR28l4vTjpXWuwFldE44rMng98Gn9
|
|
|
|
//which in turn is *then* used to actually get the access token
|
|
//which is step 5 here: https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/openid-connect#step-5-exchange-authorization-code-to-obtain-id-token-and-access-token
|
|
}
|
|
|
|
|
|
/*
|
|
Plan:
|
|
Make a web APP and api that runs on our server and handles getting tokens from the QB Online oAuth2 endpoints
|
|
|
|
Docs for normal development are here: https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization
|
|
|
|
Tentative process:
|
|
|
|
Borrowing from the technique and concepts outlined here: http://relasoft.net/KB10004.html
|
|
and here: https://github.com/IntuitDeveloper/C2QB-library-for-Windows-CUI-and-GUI/issues/1#issuecomment-511172847
|
|
|
|
|
|
User runs QBOI plugin, if it needs a new access token then it shells out to browser (with random temp session ID number to uniquely identify this user) to go to *our* qBridge auth page.
|
|
User enters their creds to login to QBOnline instance.
|
|
QBridge passes creds (along with random session id as the extra parameter they allow) on to the QBOI auth page which when successful redirects browser to the QBridge page we've specified as the
|
|
"redirect url" with the tokens in the url and also our unique session ID which then shows the end user that it's success and stores the tokens somewhere (gonna need a db I guess) for fetching by QBOI.
|
|
|
|
Meanwhile, in the background, QBOI is polling a route on qbridge with the unique ID number looking for a return of the tokens it needs to proceed.
|
|
Once it fetches the "Access token" and "Refresh token" it needs successfully then it continues on to normal usage
|
|
|
|
If it gets a response that the token needs to be refreshed, it either hands this operation off to qBridge or does it itself (not sure at this point which way it's supposed to happen)
|
|
If the access token expires after 100 days or so then they repeat this process (automatically by QBOI)
|
|
|
|
|
|
*/
|
|
// POST: api/Todo
|
|
// [HttpPost]
|
|
// public async Task<ActionResult<QItem>> Post(QCreds creds)
|
|
// {
|
|
|
|
// var q = new QItem();
|
|
// q.Token1 = "Test token 1";
|
|
// q.Token2 = System.DateTime.Now.ToString();
|
|
// q.Token3 = creds.Login;
|
|
// return Ok(q);
|
|
// //return CreatedAtAction(nameof(GetTodoItem), new { id = item.Id }, item);
|
|
// }
|
|
|
|
// public class QCreds
|
|
// {
|
|
// public string Login { get; set; }
|
|
// public string Password { get; set; }
|
|
// }
|
|
|
|
|
|
// *************************************************************************************************************
|
|
|
|
|
|
|
|
}
|
|
} |