Zoho CRM deprecation

[thismustbekirk]

Hey,

I was just wondering if you saw the update of Zoho moving to a 2.0 verison? I have started modifying the code to work with the params that are listed on the site; however, they moved to Oauth 2.0 so it seems to be a little more tricky than the previous token requests. There is a timeout for every token issued and I believe there needs to be cookie management implemented as well, but I am not too familiar with this security method. I am building restful services right now and this would be a huge help if I could have custom OAuth methods. Basically the token refresh needs to parse the url and grab an id from it, which can be dished back out as a uri or however you say it. Im going to be working on it this weekend and would greatly appreciate any update on this library or thoughts about how you would go about the authentication process. Whether you have time or not I appreciate your time and help. Regards

[schmorrison]

Hi @thismustbekirk

I started working on this like 2 weeks before they announced V2. And since they released a bunch of client libraries for other languages, this project didn’t seem to pressing.

I was going to start over to implement V2 on a separate branch, but I never really looked at the implementation so I’m not sure how they have it built.

In the mean time I imagine using golang.org/x/oauth2 to manage oAuth2 requests would work, and parsing the response from Zoho into a map[string]interface then doing type assertions.

I will take a look this weekend and let you know what I think.

[schmorrison]

Hi there,

I decided to take a run at V2. I believe I worked out the oAuth2 request scheme. The golang oAuth2 library doesn’t seem to work so I wrote the requests with the standard net/http library.

I am going to write up a README and push v2 to master sometime today. It’s probably gonna take a few nights to get into the data parsing parts though. And I imagine the API scheme will be unstable for a while.

Regards,

Sam Morrison

[thismustbekirk]

Wow, that would be incredible. My concern right now is bypassing the user consent page when sending for the authorization. I'm guessing that would be more of a routing issue than an actual authentication; however, I will continue looking over oAuth for the heavy lifting, and appreciate your help on this issue.

[schmorrison]

So having not actually tried it as it exists now, I can't confirm it works completely. When you get an oAuth clientId/clientSecret from Zoho accounts they have a user set the 'redirectURL'. Just to try, I used a localhost:8000 domain, when running through the oAuth flow I provide the request with my clientID, scopes, and redirect URL, which requires the user to click on a link. After the browser loads the link, it is supposed to load a 'Consent screen' but it hasn't for me, instead it redirects the browser to the local host domain. So I added a server in the Authorization request function on the localhost domain I specified which grabs the code from the URL parameters upon redirecting and continues with the oAuth flow.

If you want to skip the clicking on a link part, presumably you want to be more programmatic about it. Go to Zoho Developers Console and click the three dots beside your key, click Self-Client, which will generate an Authorization code for you. This can the be used instead of having to mess around with redirects. The scope I specified was ZohoCRM.modules.ALL. After you have this code you can skip the authorization request step and move on to getting an Access token and Refresh token, assuming you provide clientID, clientSecret, code, redirectURI to the other function.

Again, I will make a nicer write-up, hopefully tonight or tomorrow. After we get the oAuth muck sorted, I could really use help giving it a good test, and then move on to the record getting functions. I have a feeling that Zoho's API isn't going to return nicely parse-able responses like I had thought so writing a MarshalJSON/UnmarshalJSON function for each record type might be required.

[schmorrison]

Updated the readme's in Zoho and Zoho/crm

Feel free to ask about anything that isn't clear.

[thismustbekirk]

This update looks fantastic, thank you for putting your time into this. I am shooting to have something testable this next week, so I will definitely let you know what my thoughts are on it. My main goal is too pull records and will be trying to mash something out with the upsert function, which seems pretty pertinent next to the basic getting of records. I will let you know if anything goes wrong, but the update look really good. Thanks again.

[thismustbekirk]

Hey, so when I use the AuthorizationCodeRequest funciton what is the syntax I need for the scopes parameter? I see that it is defined as a string but I need a slice? How do I frame that when calling the function?

var z zoho.Zoho z.AuthorizationCodeRequest("client_id", "client_secret", nil, "http://google.com")

[schmorrison]

Check out the read me.

scopes := []zoho.ScopeString{
        zoho.BuildScope(zoho.Crm, zoho.ModulesScope, zoho.AllMethod, zoho.NoOp),
    }

There are a set of constants for each part, service, scope, method, and operation. I the example above I used all methods, and no operation.

[schmorrison]

Also if I were you I would redact you client secret/client id

[schmorrison]

From my limited testing it seems that z.AuthorizationCodeRequest() will take you to the consent screen, unless in a browser which has a Zoho cookie already set. So if you are performing work remotely, from an arbitrary script, or otherwise where you don't want to enter the URL into a browser, you should get an Authorization Code from accounts.zoho.com/developerconsole and use that in z.GenerateTokenRequest().

I'm not familiar with PERL at all, so whether it is capable of performing browser activities is beyond me.

I'm glad you are so happy with the progress. I've had alot of time to think about how I wanted to write it.

[thismustbekirk]

Everything looks good and will continue working with it. Thanks