Set Up OAuth for Intuit QuickBooks Online
This topic describes how to set up your Intuit QuickBooks Online data sources for OAuth authentication. Complete these steps for each Tableau Server instance.
Setting up OAuth for QuickBooks Online consists of the following tasks:
Create a Connected App on the Intuit developer platform.
Use the information you get as part of the Connected App to configure your server.
- (Optional) Configure site-specific OAuth.
Step 1: Create an Intuit app
Sign in to your Intuit developer account, and then click My Apps.
In the Just start coding section, click Select APIs.
Select Accounting and click Create App.
In the Get your app ready for submission section, click the link to get your production keys.
Important: You must use production keys rather than development keys.
Copy the app token, OAuth consumer key, and OAuth consumer secret.
Step 2: Configure Tableau Server for Intuit QuickBooks Online
On the Tableau Server computer, open the bash shell and run the following commands:
tsm configuration set -k oauth.quickbooks.oauth_callback_uri -v http://YOUR-SERVER/auth/add_oauth_token
tsm configuration set -k oauth.quickbooks.consumer_key -v <your_consumer_key>
tsm configuration set -k oauth.quickbooks.consumer_secret -v <your_consumer_secret>
tsm pending-changes apply
If the pending changes require a server restart, the
pending-changes applycommand will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the
--ignore-promptoption, but this does not change the restart behavior. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.
You can configure a custom Intuit QuickBooks Online OAuth client for a site.
Consider configuring a custom OAuth client to 1) override an OAuth client if configured for the server or 2) enable support for securely connecting to data that requires unique OAuth clients.
When a custom OAuth client is configured, the site-level configuration takes precedence over any server-side configuration and all new OAuth credentials created use the site-level OAuth client by default. No Tableau Server restart is required for the configurations to take effect.
Important: Existing OAuth credentials established before the custom OAuth client is configured are temporarily usable but both server administrators and users must update their saved credentials to help ensure uninterrupted data access.
Step 1: Prepare the OAuth client ID, client secret, and redirect URL
Before you can configure the custom OAuth client, you need the information listed below. After you have this information prepared, you can register the custom OAuth client for the site.
OAuth client ID and client secret: First register the OAuth client with the data provider (connector) to retrieve the client ID and secret generated for Tableau Server.
Redirect URL: Note the correct redirect URL. You will need this during the registration process in Step 2 below.
For example, https://myco.com/auth/add_oauth_token
Step 2: Register the OAuth client ID and client secret
Follow the procedure described below to register the custom OAuth client to the site.
Sign in to your Tableau Server site using your admin credentials and navigate to the Settings page.
Under OAuth Clients Registry, click the Add OAuth Client button.
Enter the required information, including the information from Step 1 above:
For Connection Type, select the connector whose custom OAuth client you want to configure.
For Client ID, Client Secret, and Redirect URL, enter the information you prepared in Step 1 above.
Click the Add OAuth Client button to complete the registration process.
(Optional) Repeat step 3 for all supported connectors.
- Click the Save button at the bottom or top of the Settings page to save changes.
Step 3: Validate and update saved credentials
To help ensure uninterrupted data access, you (and your site users) must delete the previous saved credentials and add it again to use the custom OAuth client for the site.
Navigate to your My Account Settings page.
Under Saved Credentials for Data Sources, do the following:
Click Delete next to the existing saved credentials for the connector whose custom OAuth client you configured in Step 2 above.
Next to connector name, click Add and follow the prompts to 1) connect to the custom OAuth client configured in Step 2 above and 2) save the latest credentials.
Step 4: Notify users to update their saved credentials
Make sure you notify your site users to update their saved credentials for the connector whose custom OAuth client you configured in Step 2 above. Site users can use the procedure described in Update saved credentials to update their saved credentials.
Managing access tokens
If you run an extract refresh job for your QuickBooks Online data source, Tableau Server attempts to renew access tokens for you. To help ensure that your access tokens do not expire, run your extract refresh jobs more than once a month. Otherwise, the access tokens from QuickBooks Online expire and your extract refresh jobs fail. If your access tokens do expire, you can edit your saved credentials from the Settings page.
The saved credentials can be managed centrally or by your users. For more information, see Allow Saved Access Tokens.