skip to Main Content

I have a Magento 2.3 store that I’m trying to sync some data to Quickbooks Online.
I’ve created a QBO App but this is my first time using oauth and I’m a bit confused on how to store and use the access / refresh tokens.

According to Quickbooks doc I need to store the latest refresh token:

Each access token can only be valid for an hour after its creation. If you try to make an API call after an hour with the same access token, the request will be blocked by QBO. That is what refresh token used for. It is used to request a new access token after access token expired, so you can still access to the QBO company after an hour. Just remember, whenever you make a refreshToken API call, always STORE THE LATEST REFRESH TOKEN value in your session or database. In QuickBooks Online OAuth 2 protocol, it is not the access token you should store, it is the refresh token you need to store.

So my question is, how do I properly store and call upon my refresh token to generate a new access token each time my API makes a call to sync data.

Currently, I’m directly using my OAuth tokens by hard coding them into my helper file:

<?php
namespace CompanyModuleHelper;

use QuickBooksOnlineAPIDataServiceDataService;

class Data extends MagentoFrameworkAppHelperAbstractHelper
{
  public function getConfigurationSetting()
  {
    $dataService = DataService::Configure(array(
      'auth_mode' => 'oauth2',
      'ClientID' => '<<my ClientID',
      'ClientSecret' => '<<my ClientSecret>>',
      'accessTokenKey' => 'xxxxxx',
      'refreshTokenKey' => 'xxxxxx',
      'QBORealmID' => "123xxxxxxx",
      'baseUrl' => 'Development'
    ));

    $OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
    $refreshedAccessTokenObj = $OAuth2LoginHelper->refreshToken();
    $error = $OAuth2LoginHelper->getLastError();
    if ($error){
      $dataService->throwExceptionOnError(true);
    } else {
      $dataService->updateOAuth2Token($refreshedAccessTokenObj);
    }
    return $dataService;
  }
}

And then I’m calling that from my controller:

<?php
namespace CompanyModuleObserver;

use MagentoFrameworkEventObserverInterface;
use QuickBooksOnlineAPIDataServiceDataService;

class CreateQbInvoice implements ObserverInterface
{

  protected $helperData;

  public function __construct(
    CompanyModuleHelperData $helperData
  ){
    $this->helperData = $helperData;
  }

  public function execute()
  {
    // Prep Data Services
    $dataService = $this->helperData->getConfigurationSetting();
...

Now this works until my access token expires and I need to generate a new one, I’m just not sure how to update my access token and store the new refresh token properly to keep access to my app always refreshed.

3

Answers


  1. because you don’t have and mechanism to refresh the token . i guess you need a permanent access token.

    https://www.oauth.com/oauth2-servers/access-tokens/access-token-lifetime/

    Login or Signup to reply.
  2. once you get access token. use that to get token and refresh token.
    you will get token, refresh token, expiry for token, expiry for refresh token
    save all data in database with current time.

    for QuickBook token will expire after few hours but refresh token will not expire up to 1 year.
    so for every request you will first check if token expire get new token with refresh token. refresh token will return token and new refresh token replace that will previous one

    Login or Signup to reply.
  3. use QuickBooksOnlineAPIDataServiceDataService;
    
    $dataService = DataService::Configure(array(
        'auth_mode' => 'oauth2',
        'ClientID' => 'your client id',
        'ClientSecret' => 'your client secret',
        'RedirectURI' =>'redirect url',
         'scope' => "com.intuit.quickbooks.accounting openid profile",
         'baseUrl' => 'development or production'
    ));
    
    $OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
    $authorizationCodeUrl = $OAuth2LoginHelper->getAuthorizationCodeURL();
    
    if( isset($_GET['code']) ) {
        $accessTokenObj = $OAuth2LoginHelper->exchangeAuthorizationCodeForToken( $_GET['code'], 'your company id') );
    
        // save these for later use
    
        $refreshTokenValue = $accessTokenObj->getRefreshToken();
        // Expires every 12 hours.
        $refreshTokenExpiry = $accessTokenObj->getRefreshTokenExpiresAt();
    
        // The access token and access token expiration.
        $accessTokenValue = $accessTokenObj->getAccessToken();
        $accessTokenExpiry = $accessTokenObj->getAccessTokenExpiresAt();
    }
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search