I'm building a React-Node application to access QuickBooks APIs, and my first step is to set up the authorisation flow from my node backend, using the intuit-oauth library.
I'm using the OAuth2.0-demo-nodejs sample app as my template (https://github.com/IntuitDeveloper/OAuth2.0-demo-nodejs).
So the first step is to create an authorisation request. Instead of building UI where users enter their details, I've hardcoded in my app's keys:
    app.get("/authUri", urlencodedParser, (req, res) => {
      oauthClient = new OAuthClient({
        clientId: "*****",
        clientSecret: "*****",
        environment: "sandbox",
        redirectUri: "http://localhost:8000/callback",
      });
      const authUri = oauthClient.authorizeUri({
        scope: [OAuthClient.scopes.Accounting],
        state: "intuit-test",
      });
      res.send(`this is authUri: ${authUri}`);
    });
This code is working as it should and is returning authUri. However, what to do next is confusing me. The documentation says that I should receive back an authorisation code which then needs to be converted into a token, and in the sample app, the code to perform this is as follows:
    app.get('/callback', function(req, res) {
      oauthClient.createToken(req.url)
        .then(function(authResponse) {
          oauth2_token_json = JSON.stringify(authResponse.getJson(), null, 2);
        })
        .catch(function(e) {
          console.error(e);
        });
      res.send('');
    });
I've also read in the documentation that I need to redirect users to an authorisation page, create a UI that initiates a redirect, and then get the authorisation code (https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0). So I vaguely understand this but am having trouble knowing where to start after sending the authorization request. Suggestions?
In the OAuth 2.0 Authorization Code flow, after initiating the authorization request, the end user gets redirected to the login page and enters his credentials. Then he gets redirected to the callback_uri (redirect_uri) with the code parameter. After that, you have to make a POST request to the /token endpoint and send the code. When all goes correctly, you get an AccessToken.
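
The callback step described above, as an added example that is not part of the answer, the sample app or the intuit-oauth library: it checks the `state` returned on the redirect against the one stored for the session, extracts the `code`, and builds the token request without sending it. The function names, the `CONFIG` object, the credentials and the token endpoint URL are hypothetical placeholders.

```javascript
const crypto = require("crypto");

// Constructed placeholders: not real credentials, not the real token endpoint.
const CONFIG = {
  clientId: "CLIENT_ID_PLACEHOLDER",
  clientSecret: "CLIENT_SECRET_PLACEHOLDER",
  redirectUri: "http://localhost:8000/callback",
  tokenEndpoint: "https://auth.example/oauth2/token",
};

// Step 1: a fresh, unguessable state per authorization request, stored in the session.
function newState() {
  return crypto.randomBytes(16).toString("hex");
}

// Constant-time comparison of the returned state with the stored one.
function sameState(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 2: parse the redirect to the callback; accept it only if it answers
// the request this session started and carries an authorization code.
function parseCallback(reqUrl, expectedState) {
  const params = new URL(reqUrl, CONFIG.redirectUri).searchParams;
  if (params.get("error")) return { ok: false, reason: "provider error" };
  if (!sameState(params.get("state") ?? "", expectedState)) return { ok: false, reason: "state mismatch" };
  const code = params.get("code");
  if (!code) return { ok: false, reason: "missing code" };
  return { ok: true, code };
}

// Step 3: the POST that exchanges the code for tokens (RFC 6749, section 4.1.3).
function buildTokenRequest(code) {
  const basic = Buffer.from(`${CONFIG.clientId}:${CONFIG.clientSecret}`).toString("base64");
  return {
    url: CONFIG.tokenEndpoint,
    method: "POST",
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: CONFIG.redirectUri,
    }).toString(),
  };
}
```

In an Express handler, `parseCallback(req.url, req.session.state)` would run first, and the response to the browser would be sent only after the token exchange has resolved or failed.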