Authenticating with FreeAgent

Hi,

Yes, I get that - but they’d then have to click “allow” each time they use
my app.

This is for a web app, so the user would need to log in to my site in order
for me to know who they are. Now, I could do what you suggest but then
every time they came to log in to my site they would have to click “allow”
in FAC which is less than ideal.

I do understand OAuth2 is not intended for Authentication, so OpenID may be
more appropriate.

Frans

On Wednesday, January 2, 2013 12:25:27 PM UTC, io...@freeagent.com wrote:

Hi Frans,

Indeed you have to use OAuth to authenticate your app with FreeAgent, but
you do not have to create any extra users. Just sign up to the Dev
Dashboard and create an app, which will give you the OAuth App Identifier
and Secret tokens.

Once you have these and feed them into your OAuth library, you can have a
“Sign in with FA” button in your app that redirects users to the app
authorisation page. If they are not already logged in, we will ask for
their credentials. Once they click “Allow”, your app will receive an
authorisation code which you will then need to exchange for refresh and
access tokens for that particular user.

Once you have the access token, you can use it to make requests to the API
for that user’s data.

Best regards,
Ioan

On Friday, December 28, 2012 7:51:00 PM UTC, Frans Lytzen wrote:

Hi,

I am working on something which is purely an extension to FreeAgent for
our company’s use (to do with time recording). As such, I would like the
user to log into my app using their FreeAgent login details.
If I understand it correctly, FAC API supports OAuth, so I have to create
and authenticate my own users and then use OAuth to link them to FAC. If
there was support for something like OpenID I could simply let them “sign
in with FAC”.
Am I missing something that is already there? If so, any pointers on how
to utilise it?

Thanks,
Frans

Hi,

Your users would only have to click “Authorize” once. As I said above, at
this stage you will receive an authorization token which you will have to
exchange for access and refresh tokens. Store these two somewhere and
associate them with the logged in user. From then on you can just make the
requests for that user using his associated access token.

Beware that the access token expires after a certain amount of time, which
you will get back as part of the token exchange request (https://dev.freeagent.com/docs/oauth#the-access-token-request).
You probably want to store this too. Currently the expiration time is set
to 7 days, after which you will have to request a new access token
(https://dev.freeagent.com/docs/oauth#refreshing-the-access-token) using the
user’s stored refresh token. This can be done by your web app in
the background without needing any action on the user’s part.

Best regards,
Ioan

Hi Ioan,

Sorry for not being clear. Yes, you are right about what you are saying.
But… “Store these two somewhere and associate them with the logged in
user”…

  1. A new user comes to my site. I give them the “log in with FAC”
    button, they put in their details and click authorize.
  2. I create a new user account in my DB and store their token and their
    FAC details.
  3. User logs out
  4. User comes back, opens browser and goes to my site. I do not have a
    password stored for him, I want him to click on the “log in with FAC”
    button, which he duly does. He will then be asked to Authorize again.

The point I am (badly) trying to make is that I want FAC to be responsible
for authenticating the user. That way I don’t have to store a password or
provide a login screen.

I do understand that oAuth is for authorising users and not
*authenticating* them; oAuth relies on me already having authenticated the
user in my app and then using oAuth authorisation to be allowed to do
stuff on behalf of that user in FAC. Hence, what I am suggesting is a new
feature for FAC to be an *authentication* provider. OpenID is a route for
that, as is OpenID Connect (now part of oAuth 2).
Alternatively, you could provide a way to use the Authorization flow you
already provide, but without showing the Authorize button. The problem with
that, of course, is that it violates oAuth and opens up security loopholes
that the caller will have to carefully manage. Not a good idea really :)

Hope that makes more sense.

Thanks,
Frans

Well I got the tokens, but this means that I should refresh them every 7
days? I think we can set the script to function as a web-app with URI, but
it means a different approach to spreadsheets (now it uses Active
Spreadsheet to make it work in any spreadsheet I am working in), a web-app
should have a hardcoded spreadsheet configured to work with in my case, so
it will not be usable in any other spreadsheet without changing the code.

On the other hand, this will only be used by one user, so cannot we
authenticate manually for one user and let the script refresh the token
itself?

Kind regards,
Riël Notermans

http://www.zzapps.nl/

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704

riel@zzapps.nl
http://www.zzapps.nl

2013/1/18 Ioan Dragos Serban ioan@freeagent.com

I see. Can you somehow enable a custom URI scheme (e.g. yourscript://) or
have a URL point to a function in your script? Then you could set the
redirect URI to that.

Otherwise I think you might have to use Google OAuth Playground and get
your tokens from there manually.

Best regards,
Ioan

On Friday, 18 January 2013 at 13:14, Riël Notermans wrote:

Well that’s kind of hard, because this script is running from a Google
Apps spreadsheet. I wonder how to redirect to that… Let’s see how that
works in real life.

Kind regards,
Riël Notermans

2013/1/18 Ioan Dragos Serban ioan@freeagent.com

The redirect URI is used by FreeAgent to know how to redirect back to your
app after you click the “Authorise” button to authorise the app to access
the FreeAgent data.
You can either set this up in your Dev Dashboard app details or pass it in
manually when doing the authorisation and exchange requests.

It is really only used in the authorisation step since we need to open the
approval page and then redirect back to your app, but if you pass it in
when doing the authorisation request and not when you do the exchange
request, you might run into issues, so I included that as a potential gotcha.

Best regards,
Ioan

On Friday, 18 January 2013 at 12:57, Riël Notermans wrote:

Ok thank you, I will see if I can make a common function for that in
Google Apps Script.

But one question, the redirect URI … what is that?

Kind regards,
Riël Notermans

2013/1/18 ioan@freeagent.com

Hi Riel,

For the exchange request you will need to set the ‘Content-Type’ header to
‘application/x-www-form-urlencoded’, the authorization username to your
client ID and authorization password to your client secret, and the body to:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE

If you have not set a redirect URI in the dev dashboard, you will also
need to pass in a URL-encoded redirect URI:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE&redirect_uri=YOUR_REDIRECT_URI

POST the request to https://api.freeagent.com/v2/token_endpoint and you
should get back your tokens in the response.

Here (https://gist.github.com/9f5fa66581e24dc9c85f) is a sample Sinatra
(http://www.sinatrarb.com/) app that contains code to get the authentication
request and exchange that for the access and refresh tokens. The code should
be pretty similar in other languages.

Hope this helps.

Ioan

On Friday, 18 January 2013 00:10:10 UTC, Riël Notermans wrote:

Hello Ioan,

I am just struggling on the proper syntax for getting the exchange
request. Could you show an example of that? It gives ‘resource not found’,
don’t know what to put in headers and body.

Kind regards,
Riel

Actually looking at the docs you don’t even need a redirect URI for the refresh request to work.

Ioan Dragos Serban
Ruby Engineer

Web: http://www.freeagent.com
Twitter: http://twitter.com/freeagent
Facebook: FreeAgent | Edinburgh

FreeAgent Central Ltd, 40 Torphichen Street, Edinburgh EH3 8JB
Registered in Scotland SC316774
0131 447 0011

On Friday, 18 January 2013 at 13:43, Ioan Dragos Serban wrote:

On the other hand, this will only be used by one user, so cannot we authenticate manually for one user and let the script refresh the token itself?

Yes, in this case you could do this indeed. Just set up a dummy redirect URI in the dev dashboard, and whenever you need to refresh POST a request to https://api.freeagent.com/v2/token_endpoint with the same header and authentication data as mentioned above and the body as “grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN”.

Ioan
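
The exchange and refresh requests Ioan describes in this thread, as an added example (not from the original posts or from FreeAgent's sample app): it builds both token-endpoint requests and records the expiry so the stored refresh token can be used in the background. The client ID, secret, code, tokens and redirect URI are constructed placeholders, and the response field names (access_token, refresh_token, expires_in) are assumed to follow standard OAuth 2.0.

```javascript
// Added example: builds the token-endpoint requests described in the thread.
// Nothing is sent; hand the returned object to the HTTP client your app uses.
const TOKEN_ENDPOINT = "https://api.freeagent.com/v2/token_endpoint"; // from the thread

// HTTP Basic credentials: username = client ID, password = client secret.
function basicAuthHeader(clientId, clientSecret) {
  return "Basic " + btoa(clientId + ":" + clientSecret);
}

// Common shape of both token requests: POST, form-encoded body, Basic auth.
function tokenRequest(clientId, clientSecret, params) {
  if (!clientId || !clientSecret) throw new Error("client ID and secret are required");
  return {
    method: "POST",
    url: TOKEN_ENDPOINT,
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      "Authorization": basicAuthHeader(clientId, clientSecret),
    },
    // URLSearchParams percent-encodes every value, including the redirect URI.
    body: new URLSearchParams(params).toString(),
  };
}

// Exchange of the authorisation code. redirectUri may be omitted when one is
// set in the Dev Dashboard, but must be sent if the authorisation request sent it.
function exchangeRequest(clientId, clientSecret, code, redirectUri) {
  if (!code) throw new Error("authorisation code is required");
  const params = { grant_type: "authorization_code", code: code };
  if (redirectUri) params.redirect_uri = redirectUri;
  return tokenRequest(clientId, clientSecret, params);
}

// Background refresh: no redirect URI and no user interaction needed.
function refreshRequest(clientId, clientSecret, refreshToken) {
  if (!refreshToken) throw new Error("refresh token is required");
  return tokenRequest(clientId, clientSecret, {
    grant_type: "refresh_token",
    refresh_token: refreshToken,
  });
}

// Turn a token response into the record stored against the logged-in user.
// Assumption: standard OAuth 2.0 field names, with expires_in given in seconds.
function storeTokens(previous, response, nowMs) {
  if (!response.access_token) throw new Error("response has no access_token");
  const lifetime = Number(response.expires_in);
  if (!Number.isFinite(lifetime) || lifetime <= 0) {
    throw new Error("response has no usable expires_in");
  }
  // A refresh response may omit refresh_token; keep the one already stored.
  const refreshToken =
    response.refresh_token || (previous ? previous.refreshToken : undefined);
  if (!refreshToken) throw new Error("no refresh token available");
  return {
    accessToken: response.access_token,
    refreshToken: refreshToken,
    expiresAt: nowMs + lifetime * 1000, // absolute expiry, in milliseconds
  };
}

// Refresh slightly before expiry so a request never goes out with a dead token.
function needsRefresh(record, nowMs, skewMs = 60000) {
  return nowMs >= record.expiresAt - skewMs;
}

// Walk-through with constructed values (7 days = 604800 seconds).
function demo() {
  const id = "CONSTRUCTED_CLIENT_ID";
  const secret = "CONSTRUCTED_CLIENT_SECRET";
  const exchange = exchangeRequest(id, secret, "CONSTRUCTED_CODE",
                                   "https://example.test/oauth/callback");
  const stored = storeTokens(
    null,
    { access_token: "constructed-access", refresh_token: "constructed-refresh",
      expires_in: 604800 },
    0
  );
  const eightDaysMs = 8 * 24 * 3600 * 1000;
  const refresh = needsRefresh(stored, eightDaysMs)
    ? refreshRequest(id, secret, stored.refreshToken)
    : null;
  // Only the bodies are returned: the Authorization header carries the secret.
  return { exchangeBody: exchange.body, refreshBody: refresh && refresh.body };
}

console.log(demo());
```

Keep the client secret and the refresh token on the server side and out of logs; only the stored record's expiry needs to be consulted before each API call.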

Hi Riel,

For the exchange request you will need to set the ‘Content-Type’ header to
‘application/x-www-form-urlencoded’, the authorization username to your
client ID and authorization password to your client secret, and the body to:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE

If you have not set a redirect URI in the dev dashboard, you will also need
to pass in a URL-encoded redirect URI:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE

&redirect_uri=YOUR_REDIRECT_URI

POST the request to https://api.freeagent.com/v2/token_endpoint and you
should get back your tokens in the response.

Here https://gist.github.com/9f5fa66581e24dc9c85f is a sample Sinatrahttp://www.sinatrarb.com/app that contains code to get the authentication request and exchange that
for the access and refresh tokens. The code should be pretty similar in
other languages.

Hope this helps.

IoanOn Friday, 18 January 2013 00:10:10 UTC, Riël Notermans wrote:

Hello Ioan,

I am just struggling on the proper syntax for getting the exchange
request. Could you show an example of that? I gives ‘resource not found’,
don’t know what to put in headers and body.

Kind regards,
Riel

Met vriendelijke groet,
Riël Notermans

http://www.zzapps.nl/

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704

ri…@zzapps.nl
http://www.zzapps.nl

You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To view this discussion on the web visit
https://groups.google.com/d/msg/freeagent_api/-/GaiZBFK1fswJ.

To post to this group, send email to freeag...@googlegroups.com.
To unsubscribe from this group, send email to
freeagent_ap...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/freeagent_api?hl=en.

Ok thank you, I will see if I can make a common function for that in
Google Apps Script.

But one question, the redirect URI … what is that ?

Kind regards,
Riël Notermans

http://www.zzapps.nl/

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704

riel@zzapps.nl
http://www.zzapps.nl

Well that’s kind of hard, because this script is running from a Google Apps
spreadsheet. I wonder how to redirect to that… Let’s see how that works in
real life.

Kind regards,
Riël Notermans

http://www.zzapps.nl/

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704

riel@zzapps.nl
http://www.zzapps.nl

2013/1/18 Ioan Dragos Serban ioan@freeagent.com

The redirect URI is used by FreeAgent to know how to redirect back to your
app after you click the “Authorise” button to authorise the app to access
the FreeAgent data.
You can either set this up in your Dev Dashboard app details or pass it in
manually when doing the authorisation and exchange requests.

It is really only used in the authorisation step since we need to open the
approval page and then redirect back to your app, but if you pass it in
when doing the authorisation request and not when you do the exchange
request, you might run into issues, so I included that as a potential gotcha.

Best regards,
Ioan


On the other hand, this will only be used by one user, so can we not authenticate manually for one user and let the script refresh the token itself?

Yes, in this case you could do this indeed. Just set up a dummy redirect URI in the dev dashboard, and whenever you need to refresh POST a request to https://api.freeagent.com/v2/token_endpoint with the same header and authentication data as mentioned above and the body as “grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN”.

Ioan

On Friday, 18 January 2013 at 13:33, Riël Notermans wrote:

Well I got the tokens, but this means that I should refresh them every 7 days? I think we can set the script to function as a web-app with URI, but it means a different approach to spreadsheets (now it uses Active Spreadsheet to make it work in any spreadsheet I am working in), a web-app should have a hardcoded spreadsheet configured to work with in my case, so it will not be usable in any other spreadsheet without changing the code.

On the other hand, this will only be used by one user, so can we not authenticate manually for one user and let the script refresh the token itself?

Kind regards,
Riël Notermans

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704

riel@zzapps.nl
http://www.zzapps.nl
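
The exchange request and the refresh request described in the messages above, built as plain JavaScript request objects that any HTTP client can send. This is an added example, not code from the thread or from FreeAgent; the helper names, the sample credentials and the `access_token` / `refresh_token` / `expires_in` response field names (taken from RFC 6749) are assumptions.

```javascript
// Added example: request builders for the token endpoint named in the thread.
// Pure functions with no network access, so the result can be inspected first.
const TOKEN_ENDPOINT = 'https://api.freeagent.com/v2/token_endpoint'; // URL from the thread

// "Authorization username = client ID, password = client secret" is HTTP Basic auth.
function basicAuthHeader(clientId, clientSecret) {
  if (!clientId || !clientSecret) throw new Error('client ID and secret are required');
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
}

// Shared shape of both requests: POST, form-encoded body, Basic client authentication.
function tokenRequest(creds, fields) {
  const body = new URLSearchParams(); // application/x-www-form-urlencoded serializer
  for (const [key, value] of Object.entries(fields)) {
    if (value !== undefined && value !== null) body.append(key, value);
  }
  return {
    method: 'POST',
    url: TOKEN_ENDPOINT,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: basicAuthHeader(creds.clientId, creds.clientSecret),
    },
    body: body.toString(),
  };
}

// authRedirectUri is whatever was sent in the authorisation request, or undefined
// when the dev dashboard setting was relied on. Passing it in one step and not the
// other is the gotcha mentioned in the thread, so the same value is reused here.
function buildExchangeRequest(creds, code, authRedirectUri) {
  if (!code) throw new Error('authorisation code is required');
  return tokenRequest(creds, {
    grant_type: 'authorization_code',
    code,
    redirect_uri: authRedirectUri,
  });
}

function buildRefreshRequest(creds, refreshToken) {
  if (!refreshToken) throw new Error('refresh token is required');
  return tokenRequest(creds, { grant_type: 'refresh_token', refresh_token: refreshToken });
}

// Turn a token response into the record to store per user.
// Assumption: RFC 6749 field names, with expires_in given in seconds.
function recordTokens(response, nowMs, previous) {
  if (!response || !response.access_token) throw new Error('no access_token in response');
  // A refresh response may omit refresh_token; keep the stored one in that case.
  const refreshToken = response.refresh_token || (previous && previous.refreshToken);
  if (!refreshToken) throw new Error('no refresh token available');
  const ttl = Number(response.expires_in);
  return {
    accessToken: response.access_token,
    refreshToken,
    // Unknown lifetime: treat the token as already due for refresh.
    expiresAt: Number.isFinite(ttl) && ttl > 0 ? nowMs + ttl * 1000 : nowMs,
  };
}

// Returns the refresh request when the access token is expired or about to be,
// otherwise null (the stored access token can still be used).
function refreshIfDue(creds, tokens, nowMs, skewMs = 60 * 1000) {
  return nowMs >= tokens.expiresAt - skewMs
    ? buildRefreshRequest(creds, tokens.refreshToken)
    : null;
}

// Constructed sample values, not real credentials.
const demoCreds = { clientId: 'example-client-id', clientSecret: 'example-secret' };
console.log(
  buildExchangeRequest(demoCreds, 'EXAMPLE_CODE', 'https://app.example.invalid/oauth/callback').body
);
```

The client secret and the stored refresh token stay on the server side of the app; only the access token is attached to API requests.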

I see. Can you somehow enable a custom URI scheme (e.g. yourscript://) or have a URL point to a function in your script? Then you could set the redirect URI to that.

Otherwise I think you might have to use Google OAuth Playground and get your tokens from there manually.

Best regards,
IoanOn Friday, 18 January 2013 at 13:14, Riël Notermans wrote:

Well that’s kind of hard, because this script is running from a Google Apps spreadsheet. I wonder how to redirect to that… Lets see how that works in reallife.

Met vriendelijke groet,
Riël Notermans

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704

riel@zzapps.nl (mailto:riel@zzapps.nl)
http://www.zzapps.nl (http://www.zzapps.nl/)

2013/1/18 Ioan Dragos Serban <ioan@freeagent.com (mailto:ioan@freeagent.com)>

The redirect URI is used by FreeAgent to know how to redirect back to your app after you click the “Authorise” button to authorise the app to access the FreeAgent data.
You can either set this up in your Dev Dashboard app details or pass it in manually when doing the authorisation and exchange requests.

It is really only used in the authorisation step since we need to open the approval page and then redirect back to your app, but if you pass it in when doing the authorisation request and
not when you do the exchange request, you might run into issues, so I included that as a potential gotcha.

Best regards,
Ioan

On Friday, 18 January 2013 at 12:57, Riël Notermans wrote:

Ok thank you, I will see if I can make a common function for that in Google Apps Script.

But one question, the redirect URI … what is that ?

Met vriendelijke groet,
Riël Notermans

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704 (tel:%2B31%20%280%296-46348704)

riel@zzapps.nl (mailto:riel@zzapps.nl)
http://www.zzapps.nl (http://www.zzapps.nl/)

2013/1/18 <ioan@freeagent.com (mailto:ioan@freeagent.com)>

Hi Riel,

For the exchange request you will need to set the ‘Content-Type’ header to ‘application/x-www-form-urlencoded’, the authorization username to your client ID and authorization password to your client secret, and the body to:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE

If you have not set a redirect URI in the dev dashboard, you will also need to pass in a URL-encoded redirect URI:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE&redirect_uri=YOUR_REDIRECT_URI

POST the request to https://api.freeagent.com/v2/token_endpoint and you should get back your tokens in the response.

Here (Sample Sinatra app for fetching the FreeAgent API Access and Refresh tokens · GitHub) is a sample Sinatra (http://www.sinatrarb.com/) app that contains code to get the authentication request and exchange that for the access and refresh tokens. The code should be pretty similar in other languages.

Hope this helps.

Ioan

On Friday, 18 January 2013 00:10:10 UTC, Riël Notermans wrote:

Hello Ioan,

I am just struggling on the proper syntax for getting the exchange request. Could you show an example of that? I gives ‘resource not found’, don’t know what to put in headers and body.

Kind regards,
Riel

Met vriendelijke groet,
Riël Notermans

Zzapps
De Zaale 11
5612 AJ Eindhoven
+31 (0)40-7114194
+31 (0)6-46348704 (tel:%2B31%20%280%296-46348704)

ri…@zzapps.nl
http://www.zzapps.nl (http://www.zzapps.nl/)

2013/1/17 io...@freeagent.com

Hi,

Your users would only have to click “Authorize” once. As I said above, at this stage you will receive an authorization token which you will have to exchange for a access and refresh tokens. Store these two somewhere and associate them with the logged in user. From then on you can just make the requests for that user using his associated access token.

Beware that the access token expires after a certain amount of time, which you will get back as part of the token exchage request (FreeAgent Developer Dashboard). You probably want to store this too. Currently the expiration time is set to 7 days, after which you will have to request a new access token (FreeAgent Developer Dashboard) using the user’s stored refresh token. This can be done by your web app in the background without needing any action from the user’s part.

Best regards,
Ioan

The redirect URI is used by FreeAgent to know how to redirect back to your app after you click the “Authorise” button to authorise the app to access the FreeAgent data.
You can either set this up in your Dev Dashboard app details or pass it in manually when doing the authorisation and exchange requests.

It is really only used in the authorisation step since we need to open the approval page and then redirect back to your app, but if you pass it in when doing the authorisation request and not when you do the exchange request, you might run into issues, so I included that as a potential gotcha.

Best regards,
Ioan

On Friday, 18 January 2013 at 12:57, Riël Notermans wrote:

Ok thank you, I will see if I can make a common function for that in Google Apps Script.

But one question, the redirect URI … what is that?

Kind regards,
Riël Notermans


2013/1/18 <ioan@freeagent.com>

Hi Riel,

For the exchange request you will need to set the ‘Content-Type’ header to ‘application/x-www-form-urlencoded’, the authorization username to your client ID and authorization password to your client secret, and the body to:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE

If you have not set a redirect URI in the dev dashboard, you will also need to pass in a URL-encoded redirect URI:

grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE&redirect_uri=YOUR_REDIRECT_URI

POST the request to https://api.freeagent.com/v2/token_endpoint and you should get back your tokens in the response.

Here (Sample Sinatra app for fetching the FreeAgent API Access and Refresh tokens · GitHub) is a sample Sinatra (http://www.sinatrarb.com/) app that contains code to get the authentication request and exchange that for the access and refresh tokens. The code should be pretty similar in other languages.

Hope this helps.

Ioan

On Friday, 18 January 2013 00:10:10 UTC, Riël Notermans wrote:

Hello Ioan,

I am just struggling on the proper syntax for getting the exchange request. Could you show an example of that? It gives ‘resource not found’, don’t know what to put in headers and body.

Kind regards,
Riel

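The exchange and refresh requests described in the messages above, as an added JavaScript example (not code from FreeAgent or from anyone in this thread). It only builds the requests and the per-user token record; the refresh grant body and the access_token / refresh_token / expires_in response field names follow RFC 6749 and are assumptions here, as are all function names and sample values.

```javascript
// Added example: builds FreeAgent token requests without sending them.
const TOKEN_ENDPOINT = "https://api.freeagent.com/v2/token_endpoint"; // from the thread

// Shared shape: form-encoded POST, client ID/secret as HTTP Basic credentials.
function tokenRequest(client, params) {
  const basic = Buffer.from(`${client.id}:${client.secret}`).toString("base64");
  return {
    method: "POST",
    url: TOKEN_ENDPOINT,
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: `Basic ${basic}`, // secret stays out of the URL and body
    },
    body: new URLSearchParams(params).toString(), // URL-encodes each value
  };
}

// Authorisation code -> tokens. Pass redirectUri whenever it was sent in the
// authorisation request (the gotcha from the thread); omit it only when the
// redirect URI is configured in the Dev Dashboard instead.
function exchangeRequest(client, code, redirectUri) {
  const params = { grant_type: "authorization_code", code };
  if (redirectUri) params.redirect_uri = redirectUri;
  return tokenRequest(client, params);
}

// Assumption: standard RFC 6749 refresh grant.
function refreshRequest(client, refreshToken) {
  return tokenRequest(client, { grant_type: "refresh_token", refresh_token: refreshToken });
}

// Turn a token response into the per-user record to store server-side.
// Assumption: RFC 6749 field names; a refresh response may omit refresh_token,
// in which case the previously stored one is kept.
function toStoredTokens(response, nowMs, previous = null) {
  const expiresIn = Number(response.expires_in);
  if (!response.access_token || !Number.isFinite(expiresIn)) {
    throw new Error("token response missing access_token or expires_in");
  }
  return {
    accessToken: response.access_token,
    refreshToken: response.refresh_token || (previous && previous.refreshToken) || null,
    expiresAt: nowMs + expiresIn * 1000, // absolute expiry, milliseconds
  };
}

// Refresh a little early so a request never goes out with an expired token.
function needsRefresh(stored, nowMs, skewMs = 60000) {
  return nowMs >= stored.expiresAt - skewMs;
}
```

Send the returned object with whatever HTTP client the app uses, and keep the stored record on the server keyed by the logged-in user.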

Hello Ioan,

I am just struggling on the proper syntax for getting the exchange request. Could you show an example of that? It gives ‘resource not found’, don’t know what to put in headers and body.

Kind regards,
Riel
