POWR-Square Integration
- SquareInstall model has access_token and refresh_token encryptions as per Square’s security requirements
- SQUARE_FORM_BUILDER_SECRET, SQUARE_FORM_BUILDER_CLIENT_ID, SQUARE_MULTI_SLIDER_SECRET, SQUARE_MULTI_SLIDER_CLEINT_ID keys are being kept as Heroku config vars, because Square requires us to not store these keys in source control
- Sign in to developer account at https://developer.squareup.com/apps using [email protected] from lastpass and applications page will be shown:
- Open any of the apps and click Oauth section on the left to see the redirect URL:
- Click Webhooks section to see all added webhooks and Send Test Event functionality is available for testing them:
Sign in/up landing pages for square users coming from square marketplace:
https://www.powr.io/users/sign_in?provider=square&app_type=multi-slider
https://www.powr.io/users/sign_up?provider=square&app_type=multi-slider
https://www.powr.io/users/sign_in?provider=square&app_type=form-builder
https://www.powr.io/users/sign_up?provider=square&app_type=form-builder
Endpoints which are in oauth_square_controller.rb:
GET ‘users/oauth_square/authorize’
It’s called when sign in/up buttons are clicked on square landing pages.
If the square_install record is expired, then redirected to ‘SQUARE_BASE_URL/oauth2/authorize?...’ which redirects back to POWR using the redirect URL set in Square dashboard.
GET ‘users/oauth_square’
This endpoint is set as a redirect URL in Square dashboard. ‘error’ param is present if the user denies to give square permissions. If the user allows, then square_install record is created/updated.GET ‘users/oauth_square/revoke’
This endpoint is for revoking the square access from POWR (account page).POST ‘users/oauth_square/revoke’
This webhook endpoint is triggered when revoking the square access from Square.