Quickbooks oAuth 401 error - works in postman

I am trying to connect to Quickbooks and can’t initialize the call. All is working in Postman, but when I try to setup the API connector, I get 401 errors.

Thanks for your help. It’s appreciated.

Postman:

I’m able to get a token

image1128×1076 67.5 KB

The response is successful.

image1200×1103 268 KB

So, bringing it back to bubble, I have the API connector set up as

image1200×1239 188 KB

I created the page to get the response code with a login workflow. The page requests and receives the response code. Clicking the QB test button launches Intuit’s oAuth, and returns to this page with the code, ready to get the token.

Elements on the stage:

image1239×278 36.7 KB

The action in the workflow:

image712×684 56.5 KB

After receiving the response code, I go back to the API Connector try to initialize, using the same endpoint as in Postman…

image1516×954 63.7 KB

…and the error

image1836×594 40 KB

Note: I found this in their dev docs. Could (should) I use parts of this as a Custom oAuth call as opposed to the User Agent?

https://developer.intuit.com/.well-known/openid_sandbox_configuration/

{
“issuer”:“https://oauth.platform.intuit.com/op/v1”,
“authorization_endpoint”:“https://appcenter.intuit.com/connect/oauth2”,
“token_endpoint”:“https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer”,
“userinfo_endpoint”:“https://sandbox-accounts.platform.intuit.com/v1/openid_connect/userinfo”,
“revocation_endpoint”:“https://developer.api.intuit.com/v2/oauth2/tokens/revoke”,
“jwks_uri”:“https://oauth.platform.intuit.com/op/v1/jwks”,
“response_types_supported”:[
“code”
],
“subject_types_supported”:[
“public”
],
“id_token_signing_alg_values_supported”:[
“RS256”
],
“scopes_supported”:[
“openid”,
“email”,
“profile”,
“address”,
“phone”
],
“token_endpoint_auth_methods_supported”:[
“client_secret_post”,
“client_secret_basic”
],
“claims_supported”:[
“aud”,
“exp”,
“iat”,
“iss”,
“realmid”,
“sub”
]
}

Again, thanks for your help.

Not sure about the impact of generic redirect URL:

41%20AM938×172 26.5 KB

You should need to involve yourself with all the redirects and tokens.

If you set up the data, and then use a Bubble button to “Login In With A Social Network” action, you will see your API appear in there.

That will then do all the tricky stuff.

@JohnMark, @NigelG,

Thank you for your replies. I didn’t associate the login with a social network with oAuth. Makes sense though. Accounting never seemed very social. I must need to get out more.

Now, when I click on the button, triggering the login with a social network, it takes me through the Intuit auth and returns me to the page in Bubble. Awesome.

Here’s where it gets weird. 3-5 seconds after the page is loaded, I get an error:

image1150×320 29.9 KB

There is a 302 Found message in the dev pane.

image1376×1594 444 KB

From Mozilla:

The HyperText Transfer Protocol (HTTP) 302 Found redirect status response code indicates that the resource requested has been temporarily moved to the URL given by the Location header. A browser redirects to this page but search engines don’t update their links to the resource (in ‘SEO-speak’, it is said that the ‘link-juice’ is not sent to the new URL).

Even if the specification requires the method (and the body) not to be altered when the redirection is performed, not all user-agents conform here - you can still find this type of bugged software out there. It is therefore recommended to set the 302 code only as a response for GET or HEAD methods and to use 307 Temporary Redirect instead, as the method change is explicitly prohibited in that case.

In the cases where you want the method used to be changed to GET , use 303 See Other instead. This is useful when you want to give a response to a PUT method that is not the uploaded resource but a confirmation message such as: ‘you successfully uploaded XYZ’.

It seems like after returning to the page, Bubble is unable to use the return code to get a token. Does this sound right? If so, how would I fix it? I’ve changed oAuth settings in the API connector, and get an invalid client message, also 3-5 seconds after the returning page load.

image1114×312 19.2 KB

A million thanks for your help.

I found this sample POST in their docs

POST /v3/company/1029354210/invoice HTTP/1.1
Authorization: OAuth oauth_consumer_key=“qyprdrnnYtp”, oauth_nonce=“nOE7oSycsIAYjkJq7G4F7ASedKc4yIPd”, oauth_signature=“cJnrSEG…OkhbQG4%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1452102114”, oauth_token=“qyprdI4XnaU3…Rnj9978w1H8GLmb99DtU6qv”, oauth_version=“1.0”

Does the Bubble oAuth follow the same method of sending header data? I’ve noticed some instances with Intuit where their naming conventions are a bit different.

That looks very much like an Oauth1 call rather than Oauth2.

Doing that in Bubble is not easy at all, you should just be able to use the v3 API and pass a Bearer token.

If you can give me a few hours will see if I can get it working.

@scottb50 , have you been able to solve this issue ? I’m having the same QuickBooks connection issues

Hi Karim, did you figure this out yet?

I’ve been down this road and already solved it. We had to handle the OAuth tokens manually for OAuth2 otherwise the webhooks couldn’t verify we were authorized to receive them. Let me know if you need help.

Edit: We did it for Quickbooks Online. Not sure if you’re on desktop or not.

@armcburn thanks for replying !
Unfortunately, I still haven’t managed to solve this issue, I’d love to know more about your workaround please !
Indeed, I’m trying with QB Online too, not with desktop