Quickbooks Online API Oauth Configuration

I ran into an issue with setting up the Oauth stuff with Quickbooks. Parabola’s redirect url is registered with my app, I have the client_id and client secret for the production account. Not sure where I am supposed to use the client secret key. It’s also not clear what the endpoint for API calls is or how the userinfo endpoint is used during the token retrieval process. Could you guys maybe point me in the right direction? Maybe I’ll write up a basic tutorial once it’s figured out.

The Open ID configuration is as follows:

{
  "issuer": "https://oauth.platform.intuit.com/op/v1",
  "authorization_endpoint": "https://appcenter.intuit.com/connect/oauth2",
  "token_endpoint": "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer",
  "userinfo_endpoint": "https://accounts.platform.intuit.com/v1/openid_connect/userinfo",
  "revocation_endpoint": "https://developer.api.intuit.com/v2/oauth2/tokens/revoke",
  "jwks_uri": "https://oauth.platform.intuit.com/op/v1/jwks",
  "response_types_supported": ["code"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "scopes_supported": ["openid", "email", "profile", "address", "phone"],
  "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
  "claims_supported": ["aud", "exp", "iat", "iss", "realmid", "sub"]
}

Hey Thomas,

I’ve tried this one a number of times with no success. I think there is something undocumented on their end that is happening that does not play nicely with our OAuth implementation.

Here is how I read their docs from here: https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0#step-1-prepare-authorization-request

In Parabola:
Step 1:
This URL, with the various parts replaced with what you have on your end:
https://appcenter.intuit.com/connect/oauth2?client_id=your+client+id&scope=com.intuit.quickbooks.accounting&redirect_uri=https%3A%2F%2Fparabola.io%2Fapi%2Fsteps%2Fgeneric_api%2Fcallback&response_type=code&state=whatever

Step 2:
URL: https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer
Parameters:

Then click to add a custom header, set it to Authorization, and set its value to the following:

  1. Take your client_id and client_secret and construct a string like this: client_id:client_secret
  2. Base64 encode that string - there are many tools online to do this
  3. Prepend that new encoded string with the word Basic and a space, so that it resembles:
    Basic 123MyEncodedString==
  4. That can be placed in the value section of that Authorization header

Step 3:
URL: https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer
Parameters:

  • grant_type : refresh_token

Then add the same custom header as from step 2.

Now that is all assuming that your token_endpoint is https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer , which it sounds like can be different depending on the instance.

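The URL, header and request shapes described in the post above, as an added example that is not part of the original thread and is not Parabola's or Intuit's code. The Step 2 grant fields (`code`, `redirect_uri`) follow RFC 6749 and are an assumption here, as are the function names and all sample values; requests are built but not sent.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoints copied from the OpenID configuration quoted in this thread.
AUTHORIZATION_ENDPOINT = "https://appcenter.intuit.com/connect/oauth2"
TOKEN_ENDPOINT = "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer"

def new_state():
    """Unpredictable per-request state value, kept server-side until the callback."""
    return secrets.token_urlsafe(32)

def authorization_url(client_id, redirect_uri, scope, state):
    """Step 1: the URL the user's browser is sent to."""
    query = urlencode({"client_id": client_id, "scope": scope,
                       "redirect_uri": redirect_uri,
                       "response_type": "code", "state": state})
    return f"{AUTHORIZATION_ENDPOINT}?{query}"

def basic_auth_header(client_id, client_secret):
    """client_secret_basic: 'Basic ' + base64(client_id:client_secret), done locally."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def token_request(client_id, client_secret, grant):
    """Steps 2 and 3: URL, headers and form body of the POST (built, not sent)."""
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    return TOKEN_ENDPOINT, headers, urlencode(grant)

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the value sent in step 1."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    return params["code"][0]

if __name__ == "__main__":
    # Constructed sample values; none of these are real credentials.
    cid, secret, cb = "sample-client-id", "sample-secret", "https://example.invalid/cb"
    state = new_state()
    print(authorization_url(cid, cb, "com.intuit.quickbooks.accounting", state))
    code = code_from_callback(f"{cb}?code=SAMPLE&state={state}", state)
    # Grant fields per RFC 6749 sections 4.1.3 and 6 (assumed to apply here).
    print(token_request(cid, secret, {"grant_type": "authorization_code", "code": code, "redirect_uri": cb}))
    print(token_request(cid, secret, {"grant_type": "refresh_token", "refresh_token": "SAMPLE"}))
```

Encoding the header locally keeps the client secret out of third-party web tools, and a random `state` checked on the callback ties the returned code to the request that started the flow.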

I read somewhere in their forums that the client_id is sent with the private key like {client_ID}:{private key} I also saw a reference to the info being returned from the user info endpoint during the get token process.

Maybe their support team will have more info.

Oh, I see you covered that. Will try again later… thank you


Has anyone gotten this to work? I am following these steps (I think) but am getting a 400 invalid request from the Access token step.

Hi @Francis_Costello - not yet on our end, we’ve also been stumped on this and invite any Community members to share their input if they’ve discovered additional information.

Feel free to share this with the QuickBooks Learn & Support Team and ask if there’s a misunderstanding about their OAuth implementation. They might be able to clarify why it doesn’t work with Parabola’s OAuth method.

Is there any additional error detail that isn’t visible in the window the callback opens?

@Francis_Costello at this time we don’t log more detailed errors from api responses and the Quickbooks API is not one we support yet