This tool demonstrates how to get a QuickBooks OAuth2 access token using three-legged OAuth2 in a Classic ASP application. This is also known as the "authorization code grant flow". This is when your Classic ASP app acts on the behalf of a third-party user, your app must obtain the user's permission before it can make requests that access and update that third-party's confidential resources. A User access token carries a third-party's authorization to access specific resources, and this type of token is obtained through the authorization code grant flow.
<%@ Language=VBScript %> <!DOCTYPE html> <html lang="en"> <head> <title>Classic ASP QuickBooks OAuth2 Example</title> <link rel="apple-touch-icon" sizes="76x76" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32"> <link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16"> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> </head> <body> <!--#include file="header.shtml" --> <div> <% access_token = "" state = Request.QueryString("state") ' Check to see if this is our redirect containing the access token. if state <> "" then ' Make sure this is the redirect for our session. if state <> Session("oauth2_state") then access_token = "invalid_state" elseif Request.QueryString("code") <> "" then ' Exchange authorization code for refresh and access tokens set glob = Server.CreateObject("Chilkat_9_5_0.Global") success = glob.UnlockBundle(Mid("<unlockCode>Anything for 30-day trial....</unlockCode>",13,29)) set http = Server.CreateObject("Chilkat_9_5_0.Http") ' The http.Login is your Client ID http.Login = "L0afAA5iq7sXAIPObKnHkxwxjqANUppOngf3UOE5IPCkzId69d" ' The http.Password is your Client Secret http.Password = Mid("<secret>............CLIENT_SECRET...............</secret>",9,40) http.BasicAuth = 1 set req = Server.CreateObject("Chilkat_9_5_0.HttpRequest") req.AddHeader "Accept","application/json" req.AddParam "grant_type","authorization_code" req.AddParam "code",Request.QueryString("code") req.AddParam "redirect_uri","https://tools.chilkat.io/quickbooks_oauth2.asp" ' resp is a Chilkat_9_5_0.HttpResponse Set resp = http.PostUrlEncoded("https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer",req) If (http.LastMethodSuccess <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>" Response.End End If set json = Server.CreateObject("Chilkat_9_5_0.JsonObject") json.EmitCompact = 0 json.Load(resp.BodyStr) Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>" access_token = json.StringOf("access_token") ' You save the JSON containing the access/refresh tokens to a cookie to make it available in subsequent requests in the same ASP session... ' The JSON contains something like this: ' { ' "token_type": "bearer", ' "expires_in": 3600, ' "refresh_token":"Q311488394272qbajGfLBwGmVsbF6VoNpUKaIO5oL49aXLVJUB", ' "x_refresh_token_expires_in":15551893, ' "access_token":"eJlbmMi...jxLfO9Q" ' } json.EmitCompact = 1 Response.Cookies("qb_access_json")=json.Emit() end if end if set req = Server.CreateObject("Chilkat_9_5_0.HttpRequest") call req.AddParam("client_id", "L0afAA5iq7sXAIPObKnHkxwxjqANUppOngf3UOE5IPCkzId69d") ' Redirect to any ASP page desired. This example will redirect to this same ASP page.. call req.AddParam("redirect_uri", "https://tools.chilkat.io/quickbooks_oauth2.asp") call req.AddParam("response_type", "code") call req.AddParam("scope", "com.intuit.quickbooks.accounting") ' Replace this with random data.. stateData = "12345678" call req.AddParam("state", stateData) Session("oauth2_state") = stateData auth_url = "https://appcenter.intuit.com/connect/oauth2?" + req.GetUrlEncodedParams() %> <div class="container"> <h2>Classic ASP to Obtain QuickBooks OAuth2 Access Token</h2> <p> This tool demonstrates how to get a QuickBooks OAuth2 access token using three-legged OAuth2 in a Classic ASP application. This is also known as the "authorization code grant flow". This is when your Classic ASP app acts on the behalf of a third-party user, your app must obtain the user's permission before it can make requests that access and update that third-party's confidential resources. A User access token carries a third-party's authorization to access specific resources, and this type of token is obtained through the authorization code grant flow. </p> <div class="panel panel-default"> <div class="panel-body"> <a href="<%=auth_url %>" class="btn btn-primary" role="button">Begin OAuth2</a> </div> </div> <div class="panel panel-default"> <% if access_token <> "" then Response.Write("<p><b>QuickBooks access token:</b><br />" & access_token & "</p>") end if %> </div> <div class="panel panel-default"> <h2>The Classic ASP Source Code for this Page</h2> <pre><% set fac = Server.CreateObject("Chilkat_9_5_0.FileAccess") path = Server.MapPath("quickbooks_oauth2.asp") src = fac.ReadEntireTextFile(path,"utf-8") set sbTemp = Server.CreateObject("Chilkat_9_5_0.StringBuilder") success = sbTemp.Append(src) n = sbTemp.ReplaceAllBetween("<secret>", "</secret>", "............CLIENT_SECRET...............", 0) n = sbTemp.ReplaceAllBetween("<unlockCode>", "</unlockCode>", "Anything for 30-day trial....", 0) src = sbTemp.GetAsString() Response.Write(Server.HTMLEncode(src)) %> </pre> </div> </div> </div> <!--#include file="footer.shtml" --> </body> </html>