OAuth Ruby Client

Tutorial Objective

Here we will describe how to use the Intuit Ruby OAuth Client Library to generate access tokens for your QuickBooks Online company’s data. The Ruby OAuth Client Library provides a set of methods that make it easier to work with Intuit’s OAuth and OpenID protocol:

  • Generating Authorization URL
  • Getting OAuth2.0 Bearer Token
  • Getting User Info
  • Validating OpenID token
  • Refreshing OAuth2.0 Token
  • Revoking OAuth2.0 Token

If you are not familiar with the Intuit OAuth protocol, please refer to Authentication and authorization page for general information on OAuth.

Note: The Ruby OAuth client requires Ruby version >= 1.9.0 and RubyGem version >= 1.3.5

Installation

The Ruby OAuth library uses gem for installation. To install the library, run:

1
gem install 'intuit-oauth'

You can also go to the Ruby OAuth Client Library to download the source code and run:

1
gem build intuit-oauth.gemspec

to build your own gem if you want to modify certain functions in the library.

Create Client Instance

In order to start using the library, the first step is to create a client object. Instantiate the IntuitOAuth object with your app’s client_id, client_secret, redirectUrl and environment. Valid values for the environment include sandbox and production. Be sure your to set your redirect_uri in your app settings under the corresponding environment.

1
2
3
require 'intuit-oauth'

client = IntuitOAuth::Client.new('client_id', 'client_secret', 'redirectUrl', 'environment')
Generate Authorization URL

After the client is created, use the client object to generate the authorization URL by specifying scopes. The following is an example:

1
2
3
4
5
6
scopes = [
    IntuitOAuth::Scopes::ACCOUNTING
]

authorizationCodeUrl = oauth_client.code.get_auth_uri(scopes)
# => https://appcenter.intuit.com/connect/oauth2?client_id=clientId&redirect_uri=redirectUrl&response_type=code&scope=com.intuit.quickbooks.accounting&state=rMwcoDITc2N6FJsUGGO9

Redirect your users to the authorizationCodeUrl and an authorization code will be sent to the redirectUrl defined. The authorization code will be exchanged for an OAuth 2.0 access token later.

Exchange the token for an Intuit OAuth 2.0 token

Once the user has authorized your app, an authorization code will be sent to your RedirectURL defined in your client. Exchange the authorization code for an OAuth 2.0 token object.

1
result = oauth_client.token.get_bearer_token('The_authorization_code')
Refresh Token

Your app must keep track of when a stored access token can be used and when the token must be refreshed. Use the refresh method to refresh the token when the token has expired. Always store the latest refresh token returned. Below is an example of how to use the refresh method to refresh a token:

1
newToken = oauth_client.token.refresh_tokens('Your_refresh_token')
Revoke Token

If your app is disconnected by the user, you would need to revoke the token. Use revoke_tokens method to revoke the token:

1
trueOrFalse = oauth_client.token.revoke_tokens('the_token_you_want_to_revoke')
Get User Info for OpenID scope

If OpenID scope is set when you generate the authorization URL, you can use get_user_info to get the user information:

1
result=oauth_client.openid.get_user_info('accessToken')
Error handling and logging

In case of HTTP Errors, the client raises OAuth2ClientException which has properties status_code, intuit_tid, timestamp, etc which can used for troubleshooting or while contacting Support.

Example exception:

1
2
3
4
5
6
IntuitOAuth::OAuth2ClientException: HTTP status 400, error message: {"error":"invalid_grant"}, intuit_tid: 779610af-1c14-adfd-9c04-f0fd1dedb303 on Mon, 03 Dec 2018 22:32:57 GMT
from /usr/local/lib/ruby/gems/2.4.0/gems/intuit-oauth-0.0.1/lib/intuit-oauth/utils.rb:67:in 'build_response_object'
from /usr/local/lib/ruby/gems/2.4.0/gems/intuit-oauth-0.0.1/lib/intuit-oauth/transport.rb:46:in 'request'
from /usr/local/lib/ruby/gems/2.4.0/gems/intuit-oauth-0.0.1/lib/intuit-oauth/flow/token.rb:66:in 'refresh_tokens'
from (irb):19
from /usr/local/bin/irb:11:in '<main>'
A Complete Usage Example

The below example shows how to construct the IntuitOAuth Client and use it to generate an OAuth 2.0 token.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
require 'intuit-oauth'

client = IntuitOAuth::Client.new('client_id', 'client_secret', 'redirectUrl', 'environment')
scopes = [
    IntuitOAuth::Scopes::ACCOUNTING
]

authorizationCodeUrl = oauth_client.code.get_auth_uri(scopes)
# => https://appcenter.intuit.com/connect/oauth2?client_id=clientId&redirect_uri=redirectUrl&response_type=code&scope=com.intuit.quickbooks.accounting&state=rMwcoDITc2N6FJsUGGO9

oauth2Token = oauth_client.token.get_bearer_token('the authorization code returned from authorizationCodeUrl')
# => #<IntuitOAuth::ClientResponse:0x00007f9152b5c418 @access_token="the access token", @expires_in=3600, @refresh_token="the refresh token", @x_refresh_token_expires_in=8726400>