-
-
Save mellodave/2571ed4cfc0b845c730f to your computer and use it in GitHub Desktop.
oauth_workingexample.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('OAUTH_REQUEST_URL', 'https://oauth.intuit.com/oauth/v1/get_request_token'); | |
| define('OAUTH_ACCESS_URL', 'https://oauth.intuit.com/oauth/v1/get_access_token'); | |
| define('OAUTH_AUTHORISE_URL', 'https://appcenter.intuit.com/Connect/Begin'); | |
| define('CALLBACK_URL', 'http://localhost:8888/oauth_workingexample.php'); | |
| define('OAUTH_BASEURL', 'https://oauth.intuit.com'); | |
| define('APP_TOKEN', 'XXXXXXXXXX' ); | |
| define('CLIENT_KEY', 'XXXXXXXXXX'); | |
| define('CLIENT_SECRET', 'XXXXXXXXXX'); | |
| session_start(); | |
| //********************************************************************************************************* | |
| // Step 1: Request Token | |
| // This step negotiates for an unauthorized request token from Intuit OAuth Services. | |
| //********************************************************************************************************* | |
| if (!isset( $_GET['oauth_token'] )) | |
| { | |
| $url = OAUTH_REQUEST_URL; | |
| $fields = array( 'oauth_consumer_key' => CLIENT_KEY, | |
| 'oauth_nonce' => time(), | |
| 'oauth_signature_method' => 'HMAC-SHA1', | |
| 'oauth_timestamp' => time(), | |
| 'oauth_version' => '1.0', | |
| 'oauth_callback' => CALLBACK_URL ); | |
| ksort($fields); | |
| $sorted_fields = array(); | |
| foreach ($fields as $key => $value) { | |
| $sorted_fields[] = rawurlencode($key) . '=' . rawurlencode($value); | |
| } | |
| $string_fields = implode('&', $sorted_fields); | |
| $signature_data = strtoupper('POST') . '&' . rawurlencode(OAUTH_REQUEST_URL) . '&' . rawurlencode($string_fields); | |
| $key = rawurlencode(CLIENT_SECRET) . '&'; | |
| $signature = base64_encode(hash_hmac('SHA1', $signature_data, $key, 1)); | |
| $fields['oauth_signature'] = $signature; | |
| $fields_string = ''; | |
| foreach( $fields as $key => $value ) { | |
| $fields_string .= $key . '=' . $value . '&'; | |
| } | |
| rtrim($fields_string, '&'); | |
| $ch = curl_init($url); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt($ch, CURLOPT_POST, count($fields)); | |
| curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); | |
| $response = curl_exec($ch); | |
| $headerSent = curl_getinfo($ch, CURLINFO_HEADER_OUT ); | |
| curl_close($ch); | |
| parse_str($response, $request_token); | |
| //********************************************************************************************************* | |
| // Step 2: send user to intuit to authorize | |
| //********************************************************************************************************* | |
| if ($request_token['oauth_token']) { | |
| $_SESSION['secret'] = $request_token['oauth_token_secret']; | |
| session_write_close(); | |
| header('Location: '. OAUTH_AUTHORISE_URL .'?oauth_token='.$request_token['oauth_token']); | |
| } | |
| else { | |
| print '<pre>'; | |
| print $response; | |
| exit; | |
| } | |
| } | |
| //********************************************************************************************************* | |
| // Step 3: request a access token from Intuit | |
| //********************************************************************************************************* | |
| if ( isset($_GET['oauth_token']) && isset($_GET['oauth_verifier']) ) { | |
| $url = OAUTH_ACCESS_URL; | |
| $fields = array( 'oauth_consumer_key' => CLIENT_KEY, | |
| 'oauth_nonce' => time(), | |
| 'oauth_signature_method' => 'HMAC-SHA1', | |
| 'oauth_timestamp' => time(), | |
| 'oauth_version' => '1.0', | |
| 'oauth_callback' => CALLBACK_URL, | |
| 'oauth_token' => $_GET['oauth_token'], | |
| 'oauth_verifier' => $_GET['oauth_verifier'] ); | |
| ksort($fields); | |
| $sorted_fields = array(); | |
| foreach ($fields as $key => $value) { | |
| $sorted_fields[] = rawurlencode($key) . '=' . rawurlencode($value); | |
| } | |
| $string_fields = implode('&', $sorted_fields); | |
| $signature_data = strtoupper('POST') . '&' . rawurlencode(OAUTH_ACCESS_URL) . '&' . rawurlencode($string_fields); | |
| $key = rawurlencode(CLIENT_SECRET) . '&' . rawurlencode($_SESSION['secret']); | |
| $signature = base64_encode(hash_hmac('SHA1', $signature_data, $key, 1)); | |
| $fields['oauth_signature'] = $signature; | |
| $fields_string = ''; | |
| foreach( $fields as $key => $value ) { | |
| $fields_string .= $key . '=' . $value . '&'; | |
| } | |
| rtrim($fields_string, '&'); | |
| $ch = curl_init($url); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt($ch, CURLOPT_POST, count($fields)); | |
| curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); | |
| $response = curl_exec($ch); | |
| $headerSent = curl_getinfo($ch, CURLINFO_HEADER_OUT ); | |
| curl_close($ch); | |
| parse_str($response, $request_token); | |
| if ($request_token['oauth_token']) { | |
| $_SESSION['realmId'] = $_GET['realmId']; // realmId is legacy for customerId | |
| $_SESSION['dataSource'] = $_GET['dataSource']; | |
| $_SESSION['oauth_token'] = $request_token['oauth_token']; | |
| $_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret']; | |
| session_write_close(); | |
| } | |
| else | |
| { | |
| print '<pre>'; | |
| print $response; | |
| exit; | |
| } | |
| } | |
| //********************************************************************************************************* | |
| // Step 4: test the authenticated connection | |
| //********************************************************************************************************* | |
| if (isset($_SESSION['oauth_token']) ) | |
| { | |
| $url = 'https://sandbox-quickbooks.api.intuit.com/v3/company/1314049215/invoice/129'; | |
| $fields = array( 'oauth_consumer_key' => CLIENT_KEY, | |
| 'oauth_nonce' => time(), | |
| 'oauth_signature_method' => urlencode( 'HMAC-SHA1' ), | |
| 'oauth_timestamp' => time(), | |
| 'oauth_version' => '1.0', | |
| 'oauth_token' => urlencode( $_SESSION['oauth_token'] )); | |
| ksort($fields); | |
| $sorted_fields = array(); | |
| foreach ($fields as $key => $value) { | |
| $sorted_fields[] = rawurlencode($key) . '=' . rawurlencode($value); | |
| } | |
| $string_fields = implode('&', $sorted_fields); | |
| $signature_data = strtoupper('GET') . '&' . rawurlencode($url) . '&' . rawurlencode( $string_fields ); | |
| $key = rawurlencode(CLIENT_SECRET) . '&' . rawurlencode($_SESSION['oauth_token_secret']); | |
| $signature = urlencode( base64_encode(hash_hmac('SHA1', $signature_data, $key, 1)) ); | |
| $ch = curl_init($url); | |
| $header = array(); | |
| $header[] = 'Accept: application/json'; | |
| $header[] = 'Authorization: OAuth oauth_token="' . $fields['oauth_token'] . '",oauth_nonce="' . $fields['oauth_nonce'] . '",oauth_consumer_key="' . $fields['oauth_consumer_key'] . '",oauth_signature_method="' . $fields['oauth_signature_method'] . '",oauth_timestamp="' . $fields['oauth_timestamp'] . '",oauth_version="' . $fields['oauth_version'] . '",oauth_signature="' . $signature . '"'; | |
| curl_setopt($ch, CURLOPT_HTTPHEADER, $header); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| $response = curl_exec($ch); | |
| curl_close($ch); | |
| print '<pre>'; | |
| print_r(json_decode($response,1)); | |
| exit; | |
| } | |
| //********************************************************************************************************* | |
| // Function: _urlencode_rfc3986 | |
| //********************************************************************************************************* | |
| function _urlencode_rfc3986($input) | |
| { | |
| if (is_array($input)) { | |
| return array_map(array('Twitauth', '_urlencode_rfc3986'), $input); | |
| } | |
| else if (is_scalar($input)) { | |
| return str_replace('+',' ',str_replace('%7E', '~', rawurlencode($input))); | |
| } | |
| else{ | |
| return ''; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment