Authorization discovery documents

If you’re setting up OAuth 2.0 or OpenID Connect, you may need to use URLs and base URIs for tasks like authorization requests.

Use the discovery documents to get the latest endpoint URLs for authorization requests, access tokens, user info, public keys, and field values for OAuth 2.0 and OpenID Connect.

Get URLs from the discovery documents
Call a discovery document

If you’re developing with a QuickBooks SDK

Here’s how to quickly get discovery document info using a supported SDK:

.NET

Java

PHP

Node.js

Python

Ruby

1
2
3
// .Net OAuth2 Client gets the Discovery document as part of OAuth2Client object
public static OAuth2Client auth2Client = new OAuth2Client(“clientid”, “clientsecret”, “redirectUrl”, “environment”);
DiscoveryResponse discoveryDoc = auth2Client.DiscoverπyDoc;


1
2
//change environment enum to PRODUCTION to access Discovery document in production environment
DiscoveryAPIResponse discoveryAPIResponse = new DiscoveryAPIClient().callDiscoveryAPI(Environment.SANDBOX);


1
// PHP SDK store the discorveryDoc in the constants. No need to get it.


1
// Node.js client library stores URLs, no additional calls needed.


1
# Python client gets discovery documents as part of the constructor, no additional calls needed


1
# Oauth ruby client stores discovery doc details.  No call needed.

If you’re creating an HTTPS/REST request manually

Send a GET request to the discovery document endpoint. Here’s a sample request:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
GET https://developer.api.intuit.com/.well-known/openid_configuration HTTP/1.1
Accept: application/json

{
   issuer:"https://oauth.platform.intuit.com/op/v1",
   authorization_endpoint:"https://appcenter.intuit.com/connect/oauth2",
   token_endpoint:"https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer",
   userinfo_endpoint:"https://accounts.intuit.com/v1/openid_connect/userinfo",
   revocation_endpoint:"https://developer.API.intuit.com/v2/oauth2/tokens/revoke",
   jwks_uri:"https://oauth.platform.intuit.com/op/v1/jwks",
   response_types_supported:[
      "code"
   ],
   subject_types_supported:[
      "public"
   ],
   id_token_signing_alg_values_supported:[
      "RS256"
   ],
   scopes_supported:[
      "openid",
      "email",
      "profile",
      "address",
      "phone"
   ],
   token_endpoint_auth_methods_supported:[
      "client_secret_post",
      "client_secret_basic"
   ],
   claims_supported:[
      "aud",
      "exp",
      "iat",
      "iss",
      "realmId",
      "sub"
   ]
}