Develop Reference

Intuit OpenID Connect, Authorization code returned by the server not working

I'm trying to implement OpenId Connect for QuickBooks, as they are deprecating in 2019 OAuth1.
In the documentation here, I have first to prepare an authorization request to redirect the user to the Intuit OAUth 2.0 server.
To handle all the process, I use the omniauth strategy gem omniauth-quickbooks-oauth2. Here is the omniauth setup:
Rails.application.config.middleware.use OmniAuth::Builder do
# Open ID Connect
provider(
:quickbooks_oauth2,
ENV['INTUIT_CLIENT_ID'],
ENV['INTUIT_CLIENT_SECRET'],
scope: 'com.intuit.quickbooks.accounting openid profile email phone address',
sandbox: Rails.env.development?,
)
end
It generates the following request:
https://appcenter.intuit.com/connect/oauth2?client_id=MYCLIENTID&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fquickbooks_oauth2%2Fcallback&response_type=code&scope=com.intuit.quickbooks.accounting+openid+profile+email+phone+address&state=71f636c1097f8d5bf07a66df5ca64ec43800ea90f6bcedca
Once the user grants the access, Intuit redirect to my redirect URL, and after the user authentification, I get the Authorization code from the params to request the tokens.
For this I use the Gem oauth2
oauth_params = {
:site => "https://appcenter.intuit.com/connect/oauth2",
:authorize_url => "https://appcenter.intuit.com/connect/oauth2",
:token_url => "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer"
}
client = OAuth2::Client.new(ENV['INTUIT_CLIENT_ID'], ENV['INTUIT_CLIENT_SECRET'], oauth_params)
client.auth_code.get_token(authorization_code,
:redirect_uri => 'http://localhost:3000/auth/quickbooks_oauth2/callback',
:grant_type => "authorization_code")
I then obtain an error message:
OAuth2::Error: invalid_grant:
{"error":"invalid_grant"}
I checked my call back uri are the same on the Intuit developer portal:
http://localhost:3000/auth/quickbooks_oauth2/callback
When I try my code to obtain the tokens from the authorization code I obtained from the Intuit OAUth2 Playground, it works!
Which make me believe the issue may be coming from the implementation of Omniauth, But I'm stucked!

403 Insufficient permissions error while trying to get Google Analytics data

I'm developing RoR application, which allows user to login with google account and download/upload report data from one of his analytics account.
I use omniauth-google-oauth2 gem for authorization with google account and google-api-client for interaction with Google Analytics.
The problem is that when I try to get accounts list with analytics.management.accounts.list method, passing google token as one of authorization parameters, GA responds with 403 Insufficient permissions error.
I suppose, I have to make user to give permission for reading Analytics data in process of authorization. How can I do this?
I've read a lot of related questions, but didn't find solution to my exact problem.
Here is the code:
require 'google/api_client'
client = Google::APIClient.new(:application_name => 'something you like', :application_version => '1')
client.authorization.access_token = 'HERE_GOES_TOKEN'
ga = client.discovered_api('analytics', 'v3')
client.execute(:api_method => ga.management.accounts.list)

Solved the problem! I had to write proper scopes in OAuth configs.
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, PROVIDER_KEY, PROVIDER_SECRET,
{
:scope => "email, profile, https://www.googleapis.com/auth/analytics, https://www.googleapis.com/auth/analytics.edit, https://www.googleapis.com/auth/analytics.manage.users, https://www.googleapis.com/auth/analytics.readonly",
}
end

Rails-api authentications for Facebook SDK iOS connect?

I'm planning to use rails-api for providing JSON API for iOS mobile application to consume. The process:
User open the mobile app
User taps on Facebook connect
Mobile app get fb_access_token and post it to API server to identify the user
API server get user profile on Facebook by using fb_access_token
API server either create and look up the user, then response with a api_token for this particular user
Mobile app use the api_token response for all communication afterward.
Which authentication should be the best option for this app? oAuth2 or BasicAuth? I tried rails-api with doorkeeper, but it doesn't work out of the box because doorkeeper need some assets.

I am doing a basic authentication for this integrated with devise.
First i get the post parameters from the mobile application (the access_token and other stuff).
Then I use open-api to get the user details from facebook:
url = "https://graph.facebook.com/me?access_token="
begin
content = open(URI.encode(url + params[:user][:access_token]))
rescue OpenURI::HTTPError #with this I handle if the access token is not ok
return render :json => {:error => "not_good_access_token" }
end
Now Facebook returns the response
status = content.status[0]
content = ActiveSupport::JSON.decode(content)
if status == "200"
#get the email and check if the user is already in the database. If there is not email, check by the facebook id
#If the user exists return the user. If the user does not exists create new
Hope this helps
Than you can user the same code also for google, just change the url to "https://www.googleapis.com/oauth2/v2/userinfo?access_token="

I'd give omniauth-facebook at try, as it uses OAuth2 and is pretty easy to use. All omniauth strategies are rails middleware, so you just need to add gem 'omniauth-facebook' to your gemfile and add the following to config/initializers/omniauth.rb and you will be able to use /auth/facebook to log in via facebook and /auth/facebook/callback to create the user session (you might want to alter the :display key-value as pop-ups in mobile might not be aesthetically pleasing):
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
:scope => 'email,user_birthday,read_stream', :display => 'popup'
end
The facebook auth token will be in the request.env['omniauth.auth'][:credentials][:token] that gets returned to your callback endpoint, which you can integrate into your mobile authentication strategy. see the above link and the omniauth main page for more details.

Twitter OAuth Values

My goal is to post a comment on a user's twitter page. Here I have this php code...
$connection = new tmhOAuth(array(
'consumer_key' => 'CONSUMER_KEY',
'consumer_secret' => 'CONSUMER_SECRET',
'user_token' => 'USER_TOKEN',
'user_secret' => 'USER_SECRET',
));
Is the consumer key and consumer secret the values I get when creating an application from https://dev.twitter.com/apps ?
Then the user token and user secret would be the person twitter account that i'm trying to post a comment on?
I created a dev twitter application and put in the consumer key/secret from the OAuth settings, and create my access token and put the "Access token" and "Access token secret" as the users. Then when running the script, it gave me a Response code:401
Any ideas? Thanks in advance.

Solved my own question. If anyone cares, you have to go to your application and go to the settings page to make sure it has read and write access.

Create facebook session when Uid and authtoken is received

I have to work on mobile api ,the purpose is to use facebook connect to login and send required data to access the api.
For testing now user provides us with hard coded values of auth token and Uid,so how can i create a session for the user.I'm using facebooker gem ,rails 2.3.4 and ruby 1.8.7.

For this you have to need the access_token with offline_access permission, because these access_token hasn't expires time. In PHP, there is a function named setAccessToken(), in this you can set your access token(which has offline_access permission). Below is the code for PHP( Sorry, I don't know about the RoR)
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");