Arctic

Intuit

OAuth 2.0 provider for Intuit.

Also see the OAuth 2.0 guide.

Initialization

import * as arctic from "arctic";

const intuit = new arctic.Intuit(clientId, clientSecret, redirectURI);

Create authorization URL

import * as arctic from "arctic";

const state = arctic.generateState();
const scopes = ["email", "activities.read"];
const url = intuit.createAuthorizationURL(state, scopes);

Validate authorization code

validateAuthorizationCode() will either return an OAuth2Tokens, or throw one of OAuth2RequestError, ArcticFetchError, UnexpectedResponseError, or UnexpectedErrorResponseBodyError. Intuit returns an access token, the access token expiration, and a refresh token.

import * as arctic from "arctic";

try {
	const tokens = await intuit.validateAuthorizationCode(code);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
		const code = e.code;
		// ...
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
		const cause = e.cause;
		// ...
	}
	// Parse error
}

The refresh token expiration is returned as x_refresh_token_expires_in.

const tokens = await intuit.validateAuthorizationCode(code);
if (
	"x_refresh_token_expires_in" in tokens.data &&
	typeof tokens.data.x_refresh_token_expires_in === "number"
) {
	const refreshTokenExpiresIn = tokens.data.x_refresh_token_expires_in;
}

OpenID Connect

Use OpenID Connect with the openid scope to get the user's profile with an ID token or the userinfo endpoint. Arctic provides decodeIdToken() for decoding the token's payload.

Also see ID token claims.

const scopes = ["openid"];
const url = intuit.createAuthorizationURL(state, scopes);

import * as arctic from "arctic";

const tokens = await intuit.validateAuthorizationCode(code);
const idToken = tokens.idToken();
const claims = arctic.decodeIdToken(idToken);

const response = await fetch("https://accounts.platform.intuit.com/v1/openid_connect/userinfo", {
	headers: {
		Authorization: `Bearer ${accessToken}`
	}
});
const user = await response.json();

Get user profile

Make sure to add the profile scope to get the user profile and the email scope to get the user email.

const scopes = ["openid", "profile", "email"];
const url = intuit.createAuthorizationURL(state, scopes);

Refresh access tokens

Use refreshAccessToken() to get a new access token using a refresh token. The returned values are the same as authorization code validation. This method also returns OAuth2Tokens and throws the same errors as validateAuthorizationCode()

import * as arctic from "arctic";

try {
	const tokens = await intuit.refreshAccessToken(refreshToken);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}

Revoke tokens

Use revokeToken() to revoke a token. This can throw the same errors as validateAuthorizationCode().

try {
	await intuit.revokeToken(token);
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}