This tool demonstrates how to get a QuickBooks OAuth2 access token using three-legged OAuth2 in a Classic ASP application. This is also known as the "authorization code grant flow". This is when your Classic ASP app acts on the behalf of a third-party user, your app must obtain the user's permission before it can make requests that access and update that third-party's confidential resources. A User access token carries a third-party's authorization to access specific resources, and this type of token is obtained through the authorization code grant flow.
<%@ Language=VBScript %>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Classic ASP QuickBooks OAuth2 Example</title>
<link rel="apple-touch-icon" sizes="76x76" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<!--#include file="header.shtml" -->
<div>
<%
access_token = ""
state = Request.QueryString("state")
' Check to see if this is our redirect containing the access token.
if state <> "" then
' Make sure this is the redirect for our session.
if state <> Session("oauth2_state") then
access_token = "invalid_state"
elseif Request.QueryString("code") <> "" then
' Exchange authorization code for refresh and access tokens
set glob = Server.CreateObject("Chilkat_9_5_0.Global")
success = glob.UnlockBundle(Mid("<unlockCode>Anything for 30-day trial....</unlockCode>",13,29))
set http = Server.CreateObject("Chilkat_9_5_0.Http")
' The http.Login is your Client ID
http.Login = "L0afAA5iq7sXAIPObKnHkxwxjqANUppOngf3UOE5IPCkzId69d"
' The http.Password is your Client Secret
http.Password = Mid("<secret>............CLIENT_SECRET...............</secret>",9,40)
http.BasicAuth = 1
set req = Server.CreateObject("Chilkat_9_5_0.HttpRequest")
req.AddHeader "Accept","application/json"
req.AddParam "grant_type","authorization_code"
req.AddParam "code",Request.QueryString("code")
req.AddParam "redirect_uri","https://tools.chilkat.io/quickbooks_oauth2.asp"
' resp is a Chilkat_9_5_0.HttpResponse
Set resp = http.PostUrlEncoded("https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer",req)
If (http.LastMethodSuccess <> 1) Then
Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
Response.End
End If
set json = Server.CreateObject("Chilkat_9_5_0.JsonObject")
json.EmitCompact = 0
json.Load(resp.BodyStr)
Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>"
access_token = json.StringOf("access_token")
' You save the JSON containing the access/refresh tokens to a cookie to make it available in subsequent requests in the same ASP session...
' The JSON contains something like this:
' {
' "token_type": "bearer",
' "expires_in": 3600,
' "refresh_token":"Q311488394272qbajGfLBwGmVsbF6VoNpUKaIO5oL49aXLVJUB",
' "x_refresh_token_expires_in":15551893,
' "access_token":"eJlbmMi...jxLfO9Q"
' }
json.EmitCompact = 1
Response.Cookies("qb_access_json")=json.Emit()
end if
end if
set req = Server.CreateObject("Chilkat_9_5_0.HttpRequest")
call req.AddParam("client_id", "L0afAA5iq7sXAIPObKnHkxwxjqANUppOngf3UOE5IPCkzId69d")
' Redirect to any ASP page desired. This example will redirect to this same ASP page..
call req.AddParam("redirect_uri", "https://tools.chilkat.io/quickbooks_oauth2.asp")
call req.AddParam("response_type", "code")
call req.AddParam("scope", "com.intuit.quickbooks.accounting")
' Replace this with random data..
stateData = "12345678"
call req.AddParam("state", stateData)
Session("oauth2_state") = stateData
auth_url = "https://appcenter.intuit.com/connect/oauth2?" + req.GetUrlEncodedParams()
%>
<div class="container">
<h2>Classic ASP to Obtain QuickBooks OAuth2 Access Token</h2>
<p>
This tool demonstrates how to get a QuickBooks OAuth2 access token using
three-legged OAuth2 in a Classic ASP application. This is also known as the "authorization code grant flow".
This is when your Classic ASP app acts on the behalf of a third-party user, your app must obtain the user's permission
before it can make requests that access and update that third-party's confidential resources. A User access token carries
a third-party's authorization to access specific resources, and this type of token is obtained through the authorization code grant flow.
</p>
<div class="panel panel-default">
<div class="panel-body">
<a href="<%=auth_url %>" class="btn btn-primary" role="button">Begin OAuth2</a>
</div>
</div>
<div class="panel panel-default">
<%
if access_token <> "" then
Response.Write("<p><b>QuickBooks access token:</b><br />" & access_token & "</p>")
end if
%>
</div>
<div class="panel panel-default">
<h2>The Classic ASP Source Code for this Page</h2>
<pre><%
set fac = Server.CreateObject("Chilkat_9_5_0.FileAccess")
path = Server.MapPath("quickbooks_oauth2.asp")
src = fac.ReadEntireTextFile(path,"utf-8")
set sbTemp = Server.CreateObject("Chilkat_9_5_0.StringBuilder")
success = sbTemp.Append(src)
n = sbTemp.ReplaceAllBetween("<secret>", "</secret>", "............CLIENT_SECRET...............", 0)
n = sbTemp.ReplaceAllBetween("<unlockCode>", "</unlockCode>", "Anything for 30-day trial....", 0)
src = sbTemp.GetAsString()
Response.Write(Server.HTMLEncode(src))
%>
</pre>
</div>
</div>
</div>
<!--#include file="footer.shtml" -->
</body>
</html>