My task is to integrate Quick Books 2015 enterprise with my web application. I created a web service to handle web connector call. I install web connector in client computer where Quick Books 2015 enterprise is running. I created a .qwc file to add application.
Everything is OK. I added a AppID in .qwc. I need to retrive AppID in any WebService method ie. authenticate etc. How can i get that?
QBWC client will push the username and password to you for authentication.
See https://developer-static.intuit.com/qbSDK-current/doc/PDF/QBWC_proguide.pdf for more information on QBWC.
AppID is not used and can be blank.
Related
I am trying to create a web app for my server which can connect my website forms to Google Sheet. While generating the OAuth client ID and Secret I chose "webserver" and I needed to enter a call-back URI to handle the authorization code returned back from Google as a response.
Well, now I created another client id, but this time I chose Application type as "Desktop" and I didn't need to enter any redirect URI. In my PHP app, I used redirect URI as urn:ietf:wg:oauth:2.0:oob.
However, in both cases, I was able to get Access Token and Refresh Token and my Google Sheet API working smoothly.
So my question why I should choose Application Type as "Webserver" and do an extra step by entering "Redirect URI"? What is the benefit of doing so?
You may check a Quickstart Oauthflow here https://developers.google.com/sheets/api/quickstart/php#step_1_turn_on_the
So my question why I should choose Application Type as "Webserver" and do an extra step by entering "Redirect URI"? What is the benefit of doing so?
Security. Web server client will return the auth to your server. Installed will return it to where ever the request came from. If someone got your client id and secret for a web app they couldn't use it. However if someone got your client id and secret for an installed app they could easily use it to impersonate your developer account.
What is client id and client secret.
Think of the Client id as a login and the secret as its password. This login and password identify your project to Google and they identify the developer of that project as you.
You the developer are responsible for this login and password. If it is stolen then as far as google can see it is your application using it google has no way of knowing other wise. If the login and password for a desktop app is stolen someone could put up an app and as far as anyone would know it would appear to be your app.
You create super awesome email app which gives access to a users gmail account. It becomes very popular and a lot of people know the name. Someone steals your client id and secret creates an app that looks exactly like your super awesome email app. There is no way for anyone to know its not. Because its set up as a desktop app this person could then put it up and start harvesting authorization from your potentiate users without them having any idea. It looks exactly like your app only the responses are going to urn:ietf:wg:oauth:2.0:oob which is the host server of the person who put up this app to mimic yours.
Unless your application is running on a users machine its really not a good idea to use installed credentials. That being said theirs nothing to stop you from doing so it will work.
I want to use OAuth2 in Microsoft OneDrive. The application is Windows and Android, but I don't know what should I insert in redirect uri. I will be grateful if anyone helps me.
This is specified in Microsoft's documentation for the OneDrive REST API: "OneDrive authentication and sign-in"
Use this redirect URL for mobile and desktop applications https://login.live.com/oauth20_desktop.srf.
https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/msa-oauth
As of Jan 24 2022
Register your app The first step is to register an app with Microsoft
and provide some details about your app. You can register your
application and receive a new app ID from the Azure App registrations page: https://aka.ms/AppRegistrations
Then click on Authentication on the left menu
I have a rails web based app which has users which will be vendors in QuickBooks Online. Users will signup in my rails application with email address and these users will be verified by Admin at EOD manually. I want to write a service/job in rails which will connect to QuickBooks online and create the verified users as vendors in QuickBooks.
My problem is QuickBooks rest API uses OAuth which requires user to enter quickbooks user and password on UI to get the token but my service will be offline, so how can I achieve this?
My problem is QuickBooks rest API uses OAuth which requires user to enter quickbooks user and password on UI
... exactly ONCE, and then NEVER AGAIN.
Repeat - You only have to log in ONCE, and ONLY ONCE, and then NEVER AGAIN.
Log in once, the very first time you deploy your Rails app, and then never log in again.
There should be no issue here. The docs cover this as well:
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/0005_your_app_user_experience
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/connect_from_within_your_app
https://oauth.net/core/1.0/#auth_step3
I am trying to connect to VSO using oAuth.
First step is to register our app and configure a call back url.
I am creating a console application to test the connectivity.
Please let me know how to configure the callback url.
Firstly, please take note that: Right now, it is only supported to register web application, it is impossible to register a console app.
So, you need to have a web app first, you can download and use this sample project for a quick start: https://vsooauthclientsample.codeplex.com/
After you download the app, open it in VS2013 or higher, right-click it in Solution Explorer and select Publish.
On the Publish Web page, select Microsoft Azure Website option to publish that web app to Azure.
Then, the web app is published to Azure with the URL similar to: https://vsodevabc.azurewebsites.net
And when you register this web app, you can set Application Website and Callback URL to be the followings. (note: the callback URL should be https://yoursite.azurewebsites.net/oauth/callback, where "yoursite" is the name of your Azure web site)
When using VSO (now called Team Services) with oAuth2.0 you do have to provide callback url endpoint that Microsoft's Team Services can call directly. So you need to have your application's callback url endpoint published such as publishing to Azure or Aws or any hosting provider that will allow you to have publically accessible url. In the FAQ under Team Services Rest API, there is mention of this approach for debugging purposes:
Visual Studio Team Services does not allow localhost to be the hostname in your callback URL. You can edit the hosts file on your local computer to map a hostname to 127.0.0.1. Then use this hostname when you register your app. Or, you can deploy your app when testing to a Microsoft Azure website to be able to debug and use HTTPS for the callback URL
Visual Studio Team Service's Rest API oAuth
I'd like to create an MVC app in Visual Studio that connects to Google Drive via a service account.
Right now, I'm trying to understand the documentation and examples here:
https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth#service_account
In that documentation, it gives an example for how to connect to the Google API using a service account credential (see the section titled "Service account". The example creates a certificate object with this line:
var certificate = new X509Certificate2(#"key.p12", "notasecret", X509KeyStorageFlags.Exportable);
Where is the "key.p12" file actually stored? (to be clear, I know how to download the file from google -- I'm asking where it goes in source control and on the server once I deploy).
I'm using VisualStudio -- how should I have the key.p12 file deployed with the rest of the application when I publish?
I assume the secret "notasecret" should be updated and secured. How do I update this secret and how do I pass it securely without hard coding it in my application?
Very new to this so please let me know if any of my questions don't make sense.
Thank you!