Add Intuit single sign on for the app store

The information in this section is for apps preparing to be listed on the QuickBooks app store. When published, your app is available to your users via the Get App Now button from your app card. In this model, the Get App Now button (implemented by Intuit) seamlessly initiates both user authentication and authorization workflows.

The user initiates the sign in process by finding your app, either on the QuickBooks app store or from the QuickBooks Online Apps tab, and clicking the Get App Now button. If the user is not already logged into their QuickBooks account, they are prompted for their Intuit ID and password. Control is then redirected to your app’s Intuit single sign-on endpoint, as defined in the app’s settings on developer.intuit.com. From there:

OAuth 2.0/OpenID Connect integrations

Prerequisites

Define the connect request URL: This step is used to enable connections from the QuickBooks app store via the Get App Now button.
The code at this URL is responsible for setting up the OAuth request with correct scopes and params and for redirecting to the OAuth request endpoint. Navigate to the app’s Settings page, scroll down to Connect Request URL in the Publish on QuickBooks App Store section, and enter the URL.

Implement the Connect Request URL endpoint

The Connect Request URL endpoint, as defined in the app’s settings on developer.intuit.com, is the location in your app to which Intuit OAuth 2.0 service redirects your user after they click the Get App Now button. Code at this endpoint initiates a request to the Intuit OAuth 2.0 server to both authenticate the user and to authorize your app’s access to your user’s QuickBooks company. Specify OpenID Connect authentication scopes along with one or both of the following authorization scopes:

  • com.intuit.QuickBooks.accounting—QuickBooks Online API
  • com.intuit.QuickBooks.payment—QuickBooks Payments API

OAuth 1.0a/OpenID 2.0 integrations

Prerequisites

Define the OpenID URL: This step is used to enable connections from the QuickBooks app store via the Get App Now button.
The code at this URL is responsible for setting up the OAuth request and for redirecting to the OAuth request endpoint. Navigate to the app’s Settings page, scroll down to OpenID URL in the Publish on QuickBooks App Store section, and enter the URL.

Implement the OpenID URL endpoint

The OpenID URL endpoint, as defined in the app’s settings on developer.intuit.com, is the location in your app to which Intuit OpenID services redirects your user after they click the Get App Now button. You provide code at this endpoint to perform the following tasks:

  • Initiate the Intuit single sign-on workflow using the validated user information returned by Intuit OpenID services. See Implement OpenID for details.
  • Using the authenticated user information returned from the OpenID workflow, auto provision a user account or map to an existing user account.
  • Call directConnectToIntuit() to initiate the OAuth workflow.

Implement the OAuth authorization workflow

The call to directConnectToIntuit() redirects the user to the location in your code that implements the OAuth workflow. It’s as if the user clicked the Connect to QuickBooks button directly on your app. You provide code at this endpoint to implement the OAuth workflow. See Implement OAuth1.0a for details.

Test QuickBooks app store connect

For apps published on the QuickBooks app store, the user starts the app subscription and OpenID flow by clicking the Get app now button on the app card for the published app. To simulate this flow before your app is published, perform these steps:

  1. From developer.intuit.com, select the My Apps tab and click on your app. The app’s dashboard is displayed.

    qbo/docs/develop/authentication-and-authorization/Dashboard.jpg
  1. In the Resources section click on the link labeled Test in production. The Create your account dialog may be displayed if the customer is not already signed in to their QuickBooks cmopany. If not already signed in, your customer can create an account or use their existing Intuit account.

    qbo/docs/develop/authentication-and-authorization/CreateYourAccount.jpg
  2. After the user is signed in, the QuickBooks company selector is displayed. If the user has only one company in his account, this dialog is omitted from the workflow.

    qbo/docs/develop/authentication-and-authorization/CompanySelector.jpg
  3. After the user selects a company, the authorize dialog is displayed.

    qbo/docs/develop/authentication-and-authorization/AuthorizeAppStore.jpg

Click Authorize and verify that the app’s landing page, as defined with the Launch URL in your app settings, appears.