1
votes

I have a Magento 2.3 store that I'm trying to sync some data to Quickbooks Online. I've created a QBO App but this is my first time using oauth and I'm a bit confused on how to store and use the access / refresh tokens.

According to Quickbooks doc I need to store the latest refresh token:

Each access token can only be valid for an hour after its creation. If you try to make an API call after an hour with the same access token, the request will be blocked by QBO. That is what refresh token used for. It is used to request a new access token after access token expired, so you can still access to the QBO company after an hour. Just remember, whenever you make a refreshToken API call, always STORE THE LATEST REFRESH TOKEN value in your session or database. In QuickBooks Online OAuth 2 protocol, it is not the access token you should store, it is the refresh token you need to store.

So my question is, how do I properly store and call upon my refresh token to generate a new access token each time my API makes a call to sync data.

Currently, I'm directly using my OAuth tokens by hard coding them into my helper file:

<?php
namespace Company\Module\Helper;

use QuickBooksOnline\API\DataService\DataService;

class Data extends \Magento\Framework\App\Helper\AbstractHelper
{
  public function getConfigurationSetting()
  {
    $dataService = DataService::Configure(array(
      'auth_mode' => 'oauth2',
      'ClientID' => '<<my ClientID',
      'ClientSecret' => '<<my ClientSecret>>',
      'accessTokenKey' => 'xxxxxx',
      'refreshTokenKey' => 'xxxxxx',
      'QBORealmID' => "123xxxxxxx",
      'baseUrl' => 'Development'
    ));

    $OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
    $refreshedAccessTokenObj = $OAuth2LoginHelper->refreshToken();
    $error = $OAuth2LoginHelper->getLastError();
    if ($error){
      $dataService->throwExceptionOnError(true);
    } else {
      $dataService->updateOAuth2Token($refreshedAccessTokenObj);
    }
    return $dataService;
  }
}

And then I'm calling that from my controller:

<?php
namespace Company\Module\Observer;

use Magento\Framework\Event\ObserverInterface;
use QuickBooksOnline\API\DataService\DataService;

class CreateQbInvoice implements ObserverInterface
{

  protected $helperData;

  public function __construct(
    \Company\Module\Helper\Data $helperData
  ){
    $this->helperData = $helperData;
  }

  public function execute()
  {
    // Prep Data Services
    $dataService = $this->helperData->getConfigurationSetting();
...

Now this works until my access token expires and I need to generate a new one, I'm just not sure how to update my access token and store the new refresh token properly to keep access to my app always refreshed.

3

3 Answers

1
votes

once you get access token. use that to get token and refresh token. you will get token, refresh token, expiry for token, expiry for refresh token save all data in database with current time.

for QuickBook token will expire after few hours but refresh token will not expire up to 1 year. so for every request you will first check if token expire get new token with refresh token. refresh token will return token and new refresh token replace that will previous one

0
votes

because you don't have and mechanism to refresh the token . i guess you need a permanent access token.

https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/

0
votes
use QuickBooksOnline\API\DataService\DataService;

$dataService = DataService::Configure(array(
    'auth_mode' => 'oauth2',
    'ClientID' => 'your client id',
    'ClientSecret' => 'your client secret',
    'RedirectURI' =>'redirect url',
     'scope' => "com.intuit.quickbooks.accounting openid profile",
     'baseUrl' => 'development or production'
));

$OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
$authorizationCodeUrl = $OAuth2LoginHelper->getAuthorizationCodeURL();

if( isset($_GET['code']) ) {
    $accessTokenObj = $OAuth2LoginHelper->exchangeAuthorizationCodeForToken( $_GET['code'], 'your company id') );

    // save these for later use

    $refreshTokenValue = $accessTokenObj->getRefreshToken();
    // Expires every 12 hours.
    $refreshTokenExpiry = $accessTokenObj->getRefreshTokenExpiresAt();

    // The access token and access token expiration.
    $accessTokenValue = $accessTokenObj->getAccessToken();
    $accessTokenExpiry = $accessTokenObj->getAccessTokenExpiresAt();
}