Page 1 of 1

OAuth2.0 / OpenID authentication and authorization

Posted: Mon Dec 10, 2018 5:30 pm
by ccarmac
Everyone,

I am attempting to start the process of integrating my Xbase++ desktop application with the QuickBooks Online accounting package, made by Intuit. All communication between my desktop app and QB Online will occur via web services. According to the documentation on their developer website, the QuickBooks Online API uses the OAuth 2.0 protocol for authentication and authorization. The documentation provided some links that describe the process…

OAuth2.0 protocol - https://tools.ietf.org/html/rfc6749
OpenID Connect - https://openid.net/connect/
Intuit documentation describing how to use OAuth2.0 and OpenID Connect - https://developer.intuit.com/app/develo ... th-library

Have any of you developed any applications that require this? Does Express++ (or Xbase++) support authentication and authorization for web sites using the OAuth2.0 protocol and OpenID Connect? If so, is there any documentation available that would show me how to use it within my Xbase++ code?

Any assistance will be greatly appreciate. Thanks!

Re: OAuth2.0 / OpenID authentication and authorization

Posted: Mon Dec 10, 2018 8:59 pm
by patito
Hi

If you can make use of Alaska xbase and express
You must use external software such as Chilkat ( Activex for Rest and Oauth2)
Example
#include "xbp.ch"
#include "Dll.ch"
// *******************************************************************************
#pragma Library("Ascom10.lib")
// *******************************************************************************
PROCEDURE main()
LOCAL oRest ,nSuccess , nBTls
LOCAL nPort, nBAutoReconnect , cStrResponseBody , nRespStatusCode

oRest = CreateObject('Chilkat_9_5_0.Rest')
* URL: http
nBTls = 0
nPort = 80
nBAutoReconnect = 1
nSuccess = oRest:Connect("http",nPort,nBTls,nBAutoReconnect)
IF (nSuccess <> 1)
? "ConnectFailReason: " + STR(oRest:ConnectFailReason)
? oRest:LastErrorText
RELEASE oRest
ENDIF
oRest:AddQueryParam("client_id","xxx")
oRest:AddQueryParam("username","xxx")
oRest:AddQueryParam("password","xxx")
oRest:AddQueryParam("grant_type","password")

cStrResponseBody = oRest:FullRequestFormUrlEncoded("POST","/")
IF (oRest.LastMethodSuccess <> 1)
? oRest:LastErrorText
RELEASE oRest
ENDIF
nRespStatusCode = oRest:ResponseStatusCode
IF (nRespStatusCode >= 400)
? "Response Status Code = " + STR(nRespStatusCode)
? "Response Header:"
? loRest.ResponseHeader
? "Response Body:"
? lcStrResponseBody
RELEASE oRest
ENDIF
RELEASE oRest

And you can also use the activex , xb2net, and maybe the Alaska xbase 2 version, which I don't know much about.

Example, Calendar Google with Alaska xbase++

cClient_ID := GC_CLIENT_ID
cClient_Secret := GC_CLIENT_SECRET
cRedirect_Uri := "urn:ietf:wg:oauth:2.0:oob:auto"

xhr := CREATEOBJECT("Microsoft.XMLHTTP")
xhr:Open("post", cURL, cAsyncMode, cUser, cPassword )
xhr:setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')


Best Regard
Héctor Pezoa

Re: OAuth2.0 / OpenID authentication and authorization

Posted: Mon Dec 10, 2018 9:07 pm
by patito
Hi

Excuse me.
I make a correction to the previous code

LOCAL oRest ,nSuccess , nBTls ,nPort , nBAutoReconnect ,cStrResponseBody , nRespStatusCode
oRest = CreateObject('Chilkat_9_5_0.Rest')
* URL: http://localhost:8080/auth/realms/sprin ... introspect
nBTls = 0
nPort = 8080
nBAutoReconnect = 1
nSuccess = oRest:Connect("localhost",lnPort,lnBTls,lnBAutoReconnect)
IF (nSuccess <> 1)
? "ConnectFailReason: " + STR(oRest:ConnectFailReason)
? oRest:LastErrorText
RELEASE oRest
ENDIF

oRest:AddQueryParam("client_secret","YOUR_SECRET9")
oRest:AddQueryParam("client_id","product- app")
oRest:AddQueryParam("username","user")
oRest:AddQueryParam("token","YOUR_TOKEN")

cStrResponseBody = oRest:FullRequestFormUrlEncoded("POST","/auth/realms/springdemo/protocol/openid-connect/token/introspect")
IF (oRest:LastMethodSuccess <> 1)
? oRest:LastErrorText
RELEASE loRest
ENDIF

nRespStatusCode = oRest:ResponseStatusCode
IF (nRespStatusCode >= 400)
? "Response Status Code = " + STR(nRespStatusCode)
? "Response Header:"
? oRest.ResponseHeader
? "Response Body:"
? cStrResponseBody
RELEASE oRest
ENDIF
RELEASE oRest

Best Regard
Héctor

Re: OAuth2.0 / OpenID authentication and authorization

Posted: Tue Dec 11, 2018 3:27 am
by reganc
And further to Héctor's post, the chilkat website has the following:

https://www.example-code.com/vbscript/q ... op_app.asp

An example of using Chilkat to do the OAuth 2 auth for Quickbooks.

I use this library and I find it very easy to get on with.

Re: OAuth2.0 / OpenID authentication and authorization

Posted: Tue Dec 11, 2018 7:56 am
by rdonnay
Chilkat products are very good.

I use their SFTP client.

Very well documented too.

Re: OAuth2.0 / OpenID authentication and authorization

Posted: Tue Dec 11, 2018 10:02 am
by skiman
Hi,

I can confirm that this is a very good product. It saved me days of developing for all kind of functions which would be very hard to accomplish. Their samples makes it very easy to implement it.
Well worth the money.

Re: OAuth2.0 / OpenID authentication and authorization

Posted: Tue Dec 11, 2018 11:26 am
by patito
Hi Chris

Chilkat's attention is excellent.
Matt Fausey, Chilkat executive, solves any query, and responds almost immediately.
Expert in cryptography, electronic invoice signature xades, xades-epes, xmldsing 509 etc
It also offers online tools, which solves conversions like curl to http, json, xml , etc etc
https://tools.chilkat.io/

Best Regard
Hector Pezoa

Hi Hector,
Here's the new build for the ActiveX: https://chilkatdownload.com/prerelease/....
Best Regards,
Matt Fausey
Chilkat Software, Inc.

Re: OAuth2.0 / OpenID authentication and authorization

Posted: Tue Dec 11, 2018 11:54 am
by ccarmac
Everyone, thanks for the quick replies. I'm familiar with Chilkat's products. We use their SFTP client, and have had good success with it. I didn't realize that they also had something to handle OAuth2 authentication. I will definitely check that out. I really appreciate the code samples and links posted here - those will be a huge help! :D