1

I have a Magento 2.3 store that I'm trying to sync some data from to QuickBooks Online. I've created a QBO App, but this is my first time using OAuth and I'm a bit confused about how to store and use the access / refresh tokens.

According to Quickbooks doc I need to store the latest refresh token:

Each access token can only be valid for an hour after its creation. If you try to make an API call after an hour with the same access token, the request will be blocked by QBO. That is what refresh token used for. It is used to request a new access token after access token expired, so you can still access to the QBO company after an hour. Just remember, whenever you make a refreshToken API call, always STORE THE LATEST REFRESH TOKEN value in your session or database. In QuickBooks Online OAuth 2 protocol, it is not the access token you should store, it is the refresh token you need to store.

So my question is: how do I properly store and call upon my refresh token to generate a new access token each time my API makes a call to sync data?

Currently, I'm directly using my OAuth tokens by hard coding them into my helper file:

<?php
namespace Company\Module\Helper;

use QuickBooksOnline\API\DataService\DataService;

class Data extends \Magento\Framework\App\Helper\AbstractHelper
{
  public function getConfigurationSetting()
  {
    $dataService = DataService::Configure(array(
      'auth_mode' => 'oauth2',
      'ClientID' => '<<my ClientID>>',
      'ClientSecret' => '<<my ClientSecret>>',
      'accessTokenKey' => 'xxxxxx',
      'refreshTokenKey' => 'xxxxxx',
      'QBORealmID' => "123xxxxxxx",
      'baseUrl' => 'Development'
    ));

    $OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
    $refreshedAccessTokenObj = $OAuth2LoginHelper->refreshToken();
    $error = $OAuth2LoginHelper->getLastError();
    if ($error){
      $dataService->throwExceptionOnError(true);
    } else {
      $dataService->updateOAuth2Token($refreshedAccessTokenObj);
    }
    return $dataService;
  }
}

And then I'm calling that from my controller:

<?php
namespace Company\Module\Observer;

use Magento\Framework\Event\ObserverInterface;
use QuickBooksOnline\API\DataService\DataService;

class CreateQbInvoice implements ObserverInterface
{

  protected $helperData;

  public function __construct(
    \Company\Module\Helper\Data $helperData
  ){
    $this->helperData = $helperData;
  }

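  // ObserverInterface::execute() requires the Observer argument
  public function execute(\Magento\Framework\Event\Observer $observer)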
  {
    // Prep Data Services
    $dataService = $this->helperData->getConfigurationSetting();
...

Now this works until my access token expires and I need to generate a new one. I'm just not sure how to update my access token and store the new refresh token properly to keep access to my app always refreshed.

AJK

3 Answers

1

Once you get the access token, use that to get the token and refresh token. You will get the token, refresh token, expiry for the token, and expiry for the refresh token; save all the data in the database with the current time.

For QuickBooks, the token will expire after a few hours, but the refresh token will not expire for up to 1 year. So for every request, you will first check if the token has expired and get a new token with the refresh token. The refresh token will return a token and a new refresh token; replace the previous one with that.

Zeeshan Anjum
  • 1
    Does it mean that token, refresh token and others are related to the app and not to the user? What should be a user-related token then? How to manage a situation when multiple users access my web app and want to do something with their qbo data? – Alexander B. Nov 17 '19 at 17:57
  • Thanks, do you have any example of how this would look in code? – AJK Dec 27 '19 at 19:12
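The check-then-rotate procedure described in the answer above, as an added example that is not part of any original post. It keeps the client secret out of source code, encrypts both tokens at rest with libsodium, and takes a row lock so two concurrent syncs cannot overwrite each other's rotated refresh token. The table `qbo_tokens`, the environment variable names, and the function names are assumptions; the SDK calls are the ones already shown on this page.

```php
<?php
// Added example. Assumed: MySQL/InnoDB table qbo_tokens(realm_id, access_token, refresh_token,
// access_expires_at); env QBO_CLIENT_ID, QBO_CLIENT_SECRET, QBO_TOKEN_KEY (base64, 32 bytes).
use QuickBooksOnline\API\DataService\DataService;

function seal(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function unseal(string $sealed, string $key): string {
    $raw = (string) base64_decode($sealed, true);
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, strlen($nonce)), $nonce, $key);
    if ($plain === false) { throw new RuntimeException('Stored token failed authentication'); }
    return $plain;
}

function qboDataService(PDO $db, string $realmId): DataService {
    $key = (string) base64_decode((string) getenv('QBO_TOKEN_KEY'), true);
    $db->beginTransaction(); // the row lock below allows one refresher per realm at a time
    try {
        $q = $db->prepare('SELECT * FROM qbo_tokens WHERE realm_id = ? FOR UPDATE');
        $q->execute([$realmId]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if ($row === false) { throw new RuntimeException('No tokens stored for this realm'); }
        $ds = DataService::Configure([
            'auth_mode' => 'oauth2', 'baseUrl' => 'Development', 'QBORealmID' => $realmId,
            'ClientID' => getenv('QBO_CLIENT_ID'), 'ClientSecret' => getenv('QBO_CLIENT_SECRET'),
            'accessTokenKey' => unseal($row['access_token'], $key),
            'refreshTokenKey' => unseal($row['refresh_token'], $key),
        ]);
        if ((int) $row['access_expires_at'] <= time() + 60) { // expired or about to expire
            $helper = $ds->getOAuth2LoginHelper();
            $new = $helper->refreshToken();
            if ($helper->getLastError()) { throw new RuntimeException('QBO refresh failed'); }
            // Persist the rotated refresh token before the new access token is used.
            $db->prepare('UPDATE qbo_tokens SET access_token = ?, refresh_token = ?,
                access_expires_at = ? WHERE realm_id = ?')->execute([
                seal($new->getAccessToken(), $key), seal($new->getRefreshToken(), $key),
                time() + 3600, $realmId, // one-hour lifetime, as the quoted docs state
            ]);
            $ds->updateOAuth2Token($new);
        }
        $db->commit();
        return $ds;
    } finally {
        if ($db->inTransaction()) { $db->rollBack(); } // any failure keeps the old row
    }
}
```

The row is keyed by realm ID, so each connected QuickBooks company has its own token pair, and the row is first populated from the authorization-code exchange. The lock is held during the HTTP refresh call, which is acceptable for an hourly refresh but should use a PDO connection in exception mode so failures reach the `finally` block.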
0

Because you don't have any mechanism to refresh the token. I guess you need a permanent access token.

https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/

Rodener Dajes
  • Thanks, unfortunately with the Quickbooks API, the access token expires after 1 hour and you need to get a new one using the refresh token each time you fire the API. – AJK Feb 06 '19 at 14:00
0
use QuickBooksOnline\API\DataService\DataService;

$dataService = DataService::Configure(array(
    'auth_mode' => 'oauth2',
    'ClientID' => 'your client id',
    'ClientSecret' => 'your client secret',
    'RedirectURI' => 'redirect url',
    'scope' => "com.intuit.quickbooks.accounting openid profile",
    'baseUrl' => 'development or production'
));

$OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
$authorizationCodeUrl = $OAuth2LoginHelper->getAuthorizationCodeURL();

if( isset($_GET['code']) ) {
    $accessTokenObj = $OAuth2LoginHelper->exchangeAuthorizationCodeForToken( $_GET['code'], 'your company id' );

    // save these for later use

    $refreshTokenValue = $accessTokenObj->getRefreshToken();
    // Expires every 12 hours.
    $refreshTokenExpiry = $accessTokenObj->getRefreshTokenExpiresAt();

    // The access token and access token expiration.
    $accessTokenValue = $accessTokenObj->getAccessToken();
    $accessTokenExpiry = $accessTokenObj->getAccessTokenExpiresAt();
}