I have a rails web based app which has users which will be vendors in QuickBooks Online. Users will signup in my rails application with email address and these users will be verified by Admin at EOD manually. I want to write a service/job in rails which will connect to QuickBooks online and create the verified users as vendors in QuickBooks.
My problem is QuickBooks rest API uses OAuth which requires user to enter quickbooks user and password on UI to get the token but my service will be offline, so how can I achieve this?
My problem is QuickBooks rest API uses OAuth which requires user to enter quickbooks user and password on UI
... exactly ONCE, and then NEVER AGAIN.
Repeat - You only have to log in ONCE, and ONLY ONCE, and then NEVER AGAIN.
Log in once, the very first time you deploy your Rails app, and then never log in again.
There should be no issue here. The docs cover this as well:
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/0005_your_app_user_experience
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/connect_from_within_your_app
https://oauth.net/core/1.0/#auth_step3
Related
I have an App. registered as multi-tenant in azure, configured to allow access to users from other tenants including personal accounts etc..
But it fails when I tried to send using an external personal account. However it is working fine on the tenant members.
My question is, is it required for an external user to have an Exchange License to send email using the Graph API via my app?
If I'm sending using the application scope sendMail, does the user I used to send the email from needs to have a valid exhange license?
Thanks!
I need some experienced opinions or links to a helpful articles about my issue.
Yes, the user you are using to send the email using application permission must have a valid Exchange license.
Also, user has to be part of your tenant while using the application permission otherwise it will just throw 404 not found
Yes, user should be licensed. And to be accessed with personal accounts your application should be registered with audience as "Accounts in any organizational directory and personal Microsoft accounts" https://learn.microsoft.com/en-us/graph/auth-register-app-v2
We have created a Microsoft Teams tab app with bot integration that we want to distribute to various organizations either manually or via an App Store. In summary,
We created Tabs App with Microsoft Bot using node.js botbuilder package.
We provided zip archive to another organization (another tenant Id).
Organization uploaded our app using Microsoft Teams Admin panel and approved permission in Permission tabs.
Question is how can we receive the tenant id from the organization we are deploying to without asking their admins to go to Azure Active Directory and look it up. Once provided, the graph api and the multi tenant bot does work fine. We are trying to avoid asking their admin to provide us the tenant id and want to retrieve it automatically upon the app being uploaded or on startup.
Thank you.
The best place to get the tenant id is from the access token you are provided by logging in to your app. Look for the 'tid' value.
I'm assuming you are talking about stream lining the company wide admin consent for your application.
What you can do is have a web site that a customer's admin can log into (using standard Microsoft OAuth interactive flow). You can then pull the Tenant ID from the access token and then run through the Microsoft consent process. Once consent process redirected back to your web site, you can do your own customer onboarding if required.
As of now, I have created an application that has certain permissions to access Mail Information of certain users in an organization. Till this point, admin from the organization would create the service and provide the credentials.
However, as a plan to scale the application to multiple organizations, I'd like to send a mail to admin to grant access for the permissions and automatically get the credentials.
I'm open to alternative ideas. Any ideas if the above is even feasible?
This is quite impossible to automate the complete process creating, and admin still need to approve the permission in Azure AD. What you can do here is ,just create the application and if user tries to access the app but they can't give consent ,they need to trigger a request for admin approval that can be sent by an email .
To allows admin consent request to be sent via email Configure the admin consent workflow , please follow the docs - Azure AD | Microsoft Docs
Hope that process will help you .
Currently using the Provisioning API that is being depreciated April 20.
This is the current flow:
user (University Alumni) gets to our site http://alumni.columbia.edu/email
they click on Create My Account
they authenticate through our university WIND system using what we call their UNI
they land on a page mentioning that an email account UNI#caa.columbia.edu is ready to be created. They can pick an alias to UNI. They also need to enter a password to use the Chat and POP-mail features of Gmail.
they confirm the creation of the account. At this point the API is being called using https://www.google.com/a/feeds/, some data (email address, name, id) being saved in our database.
To log in, they come through our site, click on the login button, this will use the SSO and they get logged in.
Based on the flow above, do I need to use OAuth2.0?
Yes, you will need to authenticate with OAuth using the Installed Applications approach to do this. Instead of step 5 the way you currently have it, you'll need to call the API from a process on your server with an account that has (limited) admin credentials that can create the account with the Directory API. To do this, you'll need to persist the OAuth token information that the account will use to connect, and handle the code to refresh the token when it has expired.
The first time you run your code you'll need to manually authenticate that account to get your application the appropriate permissions so that they can be stored.
If you're hoping to not go too crazy with handling the authentication side of things and you're using .Net, I'd recommend checking out my project gShell that acts as a wrapper for the authentication and handles the token storing and refreshing for you. It's still a young project but it should fit your needs. Alternately, feel free to browse the code for an example on what to do.
If you plan on using Python, check out Google Apps Manager by jay0lee which is also a wonderful resource.
I have created a sample .NET web app that connects to QuickBooks Online and using pages/forms in the app I can create/update customer records in QB. I would like to know how customer records in my database can be migrated to QB Online so that user does not have to explicitly logon to QB online. I read about WebConnector but it works with desktop version of QB. So I need to have ability to be able to create/update records in QB Online (using a background process) whenever customer records are added or updated in my SQL Server database without connecting to QB Online.
I am thinking of writing a WCF windows service that will call QBOnline API to do this work periodically but not sure how I will connect that service to QB Online. Please suggest if QB supports this (and how) or I have to force users to logon to QB to create/update customers.
I would like to know how customer records in my database can be migrated to QB Online so that user does not have to explicitly logon to QB online.
The very first time you establish a connection to QuickBooks Online, the user must login.
That only needs to be done ONCE. After that very first time, you should be storing your OAuth tokens, and you can send data over anytime you want without any user interaction what-so-ever.
If that's not the behavior you're seeing, it's probably because you're not storing the OAuth tokens like you should be.
I read about WebConnector but it works with desktop version of QB.
Do not use the Web Connector. If you've already implemented a sample .NET web app that connects to QuickBooks Online, then you're on the right path.
I am thinking of writing a WCF windows service that will call QBOnline API
Why would you do this? This is making things so much harder than they have to be... you already implemented a sample .NET web app, keep doing what you're doing.
Please suggest if QB supports this (and how)
It does.
You already implemented a sample app, which means you've already done what you're asking to do. Just make sure you're storing the OAuth tokens so you don't have to keep reconnecting all the time. The connection process by the user should happen ONLY ONCE. If it's happening more than once, you're not storing the tokens like you should be.