Handling the QuickBooks OAuth callback

Intuit requires a popup to OAuth.

When OAuth'ing with another service like Twitter, EBay, etc. it is common to redirect the user using the entire page as it makes returning back to the host application technically easier. Intuit, however, requires for C2QB compliance that authentication happens in a popup.

Solution: 2 step process to handle the QuickBooks OAuth callback

Example is in Rails but easily translates to different web dev ecosystems.

1.

Example of the controller action that maps to the Intuit App Card route/url regarding the handling of the OAuth callback (e.g. /quickbooks/oauth_callback). The "Intuit App Card" is what they call the area that various names and urls are set for development and production. Make sure to persist the QuickBooks OAuth credentials in this step.

  def oauth_callback
    # ... code omitted for saving the account's OAuth secret and token
    if # ... omitted ...
      # Set flash.notice as this will persist even when using the javascript based redirect in step 2
      flash.notice = "Your QuickBooks account has been successfully linked to your account."
      @msg = 'Redirecting. Please wait.'
      @url = quickbooks_accounts_path
    end
    render 'shared/close_and_redirect'
  end

2.

Here is the content of shared/close_and_redirect rendered from step 1. The window.opener refers to your main or original page that initiated the authentication popup. Therefore, the window.opener.location will navigate to the route you specified in @url within the main page. Lastly, the authentication popup is closed and the user is properly OAuth'd and ready to communicate with QuickBooks.

!!!
%html
  %head
    %title= @msg 
  %body
    %h3= @msg

    :javascript
      setTimeout(function(){ window.opener.location = '#{@url}';window.close(); }, 2000);