I am creating a connection to QuickBooks Online using the "Connect To QuickBooks" button as described on the following page:
http://docs.developer.intuit.com/0025_Intuit_Anywhere/0010_Getting_Started/0020_Connect/0010_From_Within_Your_App/Implement_OAuth_in_Your_App
Using this method is it possible to retrieve the Intuit User ID that the user entered (when prompted during the Intuit Sign In dialog) so that I can associate that user ID with the access token, access token secret, and realmId that is returned.
Intuit has a "current user" API which does what you're asking for. You could make this API request as soon as you get the OAuth tokens from Intuit, and then record the association in your app.
Here are the docs for it:
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/0085_develop_quickbooks_apps/0004_authentication_and_authorization/platform_api
You basically do an OAuth GET request to this URL:
https://appcenter.intuit.com/api/v1/user/current
And Intuit returns a response like this which will give you the person's name and e-mail address:
<?xml version="1.0"?>
<UserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://platform.intuit.com/api/v1">
<ErrorCode>0</ErrorCode>
<ServerTime>2012-04-13T18:47:34.5422493Z</ServerTime>
<User>
<FirstName>John</FirstName>
<LastName>Doe</LastName>
<EmailAddress>JohnDoe#g88.net</EmailAddress>
<IsVerified>true</IsVerified>
</User>
</UserResponse>
Related
I have a database with emails and passwords, and a Flutter app that lets those users log into the app by providing their email and password (the old fashioned way).
Now, some of those users are part of an organization that has a separate website where they use Microsoft/Office 365 accounts to sign in. Of course they want to be able to log into my app using their Office 365 accounts as well, instead of having to remember and type a different password in the app than they normally use on their organizations website.
So I've been looking at their website, which uses Microsoft Azure as a the backend. From their current login page I could find the tenantID, clientID, redirectURL and scope. From this I am able to get an authorization code back from the login.microsoftonline.com authorization endpoint. However, as my app is not registered in the organizations Azure account, I don't have a clientSecret so I can't call the token endpoint and get an idToken.
I'm using a WebView to display the login to their organizations website, so I can grab the authorization code from the redirect URL when they are redirected.
So my question is if I can use the authorization code directly to verify that the user has successfully signed in using their Office 365 account? All I need to know is that the user has an account at the organization, and that they could provide a valid email and password to login.
If they are redirected to the redirect URL with an autorization code, it means that they successfully logged in. Then I could consider them logged in to my app as well, based on the email provided to the Office 365 authorization endpoint. Because if they couldn't log in to their Office 365 they wouldn't get an authorization code, right?
No, the authorization code only has meaning to the identity provider, in this case Azure AD. It doesn't prove anything to your app.
What you could do is try response_type=code+id_token in the authorization URL.
If ID tokens have been configured as returnable from the authorization endpoint (this is done in the app registration configuration), you will get back a signed id token that you can verify.
I'm in the process of migrating our software, which makes requests on behalf of merchants to PayPal using the PayPal SOAP API, to the PayPal REST API infrastructure.
I'm using the Client ID / Secret of my PayPal developer account to get a Bearer token from the Sandbox, using https://api.sandbox.paypal.com/v1/oauth2/token.
Then I'm doing a call to https://api.sandbox.paypal.com/v2/checkout/orders, using our the bearer token just got, to make requests on behalf of a merchant. I'm using the PayPal-Auth-Assertion header with the following (encoded) JWT-Token:
Header:
{
"typ": "JWT",
"alg": "HS256"
}
Body: {
"email": "[merchant e-mail]",
"iss": "[my client id]"
}
The "merchant e-mail" is one of the sandbox accounts I opened in https://developer.paypal.com/developer/accounts/
In return I get a (400) Bad Request {"error":"invalid_request","error_description":"No permissions to set target_client_id"}.
It seems like there must be an additional step for the sandbox account to grant permissions to the developer account. For the SOAP API, I could add the user name of a 3rd party in the following screen . Then I could use the same username as header value for X-PAYPAL-SECURITY-USERID. However, I cannot seem to link the sandbox account in the same way, because there is no "third party username" for the main account (the one I'm getting the Client ID from).
What exactly has to be configured to allow these types of 3rd party calls for REST API?
I'm using the PayPal-Auth-Assertion header with the following (encoded) JWT-Token:
You need to be a PayPal partner to be using that type of functionality. Contact PayPal if you want to be a partner.
If you want to use their generally-accessible APIs, you have two options.
Have every merchant create their own REST API App via https://www.paypal.com/signin?intent=developer&returnUri=https%3A%2F%2Fdeveloper.paypal.com%2Fdeveloper%2Fapplications , and copy paste their live client ID and secret into your configuration. This is the best solution, and it is the solution you should pursue.
Use the payee object: https://developer.paypal.com/docs/checkout/integration-features/custom-payee/ , which gives you less control (cannot capture authorizations or issue refunds, for example)
I am trying to get the impersonated userguid from the docusign api. Per the documentation I need to call /restapi/v2/accounts/account_id/users?email=email, which is not working for me. I assume the full url would be https://admin.docusign.com/restapi/v2/accounts/account_id/users?email="sampleemail#gmail.com" .
I am getting a 404 when entering my email in the above format.
Looks like you have the incorrect domain. API Calls generally don't get made against admin.docusign.com. You'll want to make that call against the Application Server your account is on.
In the Sandbox environment that will be demo.docusign.net. In prod you'd need to make a UserInfo call to determine which server your account is on. It could be something like www.docusign.net or na2.docusign.net, but there are several possible domains.
In order to get Impersonate GUID ,
Login to admin account
Under setting options Click API and keys
Value under the user id text box is Impersonate GUID
During configuration & setup:
1. You have an account admin enter information such as account, their userId ("API User Name" in web app). Save both items.
2. You follow the "consent flow", get their consent, generate a JWT and
exchange for a token.
3. Use the /user_info call against the account
server to get the list of their accounts. If more than one account
in the array, find the one that matches what they entered in the
configuration. Get and save the associated "base_uri". You will
use that for all subsequent API calls.
Your application now has stored the account ID, the admin's "userId", and the base URI to built API URLs.
During business application operations:
Admin is "Bob". Sender is "Jill"
You need to get an access token for Jill.
1. Create JWT for Bob, exchange for access token, make GET /users?email={Jill's email). This gives you Jill's "userId".
2. Create JWT for Jill, exchange for access token.
3. Make API call as Jill, using her access token.
Dears, I created a custom REST API, So customer can login Via facebook and twitter through mobile app. The API consists of one service which take some parameters and email parameter and check if this email is found or not.
-If found, then return customer id.
-If not found, then insert email and other parameters (firstname, lastname, socialid, socialtype).
My question, I don't save password for the customer because the response return from facebook doest not contain password, so how to get token authentication, so I can do all operations which request customer token?
I normal, I can login and get token through:
POST
https://myhost.com/index.php/rest/V1/integration/customer/token?username=test#gmail.com&password=12345
and response will be token.
I am using app login access token retrieved through following API -
https://graph.facebook.com/oauth/access_token?client_id=&client_secret=&grant_type=client_credentials
Can I retrieve email address (primary email not the facebook email) of any user if it is public using Graph API?
Thanks
Lakhan
Two ways to get users primary email:
For the authenticating user (ie the one who has granted your application access to their profile) and only when you explicitly request that permission.
If the email is explicitly made public by some arbitrary user not authenticating with your app, then that will be available to you also. Any publically visable info you can see via facebook.com is equally accessible via the API.
For getting the authenticating users email, when you first request the oAuth dialog you need to pass a scope with the email permission (as well as whatever other permissions you require). See more about permissions here and more about using scope here .
When the email is available it can be found in the User payload, see more about the API request and payload here.
Check the doc here : http://developers.facebook.com/docs/reference/api/user/
With the email argument, you will be able to get the email.