tvl-depot/monzo-ynab/main.go

// Creating a job to import Monzo transactions into YNAB.
//
// This is going to run N times per 24 hours.

package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"os/exec"
)

var (
	clientId     = os.Getenv("client_id")
	clientSecret = os.Getenv("client_secret")
	accessToken  = nil
	refreshToken = nil
)

const (
	state       = "xyz123"
	redirectUri = "http://localhost:8080/authorize"
)

func getAccessCode(string authCode) {
	form := map[string]string{
		"grant_type":    "authorization_code",
		"client_id":     client_id,
		"client_secret": client_secret,
		"redirect_uri":  redirectUri,
		"code":          authCode,
	}
	json := map[string]string{
		"access_token":  "access_token",
		"client_id":     "client_id",
		"expires_in":    21600,
		"refresh_token": "refresh_token",
		"token_type":    "Bearer",
		"user_id":       "user_id",
	}

	// TODO: Handle retry with backoff logic here.
	resp, error := http.Post("https://api.monzo.com/oauth2/token", form.Form(), json.Json())
	if err != nil {
		log.Fatal("Could not exchange authorization code for an access token.")
	}

	resp.Body()
}

func handleRedirect(w http.ResponseWriter, r *http.Request) {
	// assert that `r.state` is the same as `state`.
	params := r.URL.Query()

	reqState := params["state"][0]
	reqCode := params["code"][0]

	if reqState != state {
		log.Fatal(fmt.Sprintf("Value for state returned by Monzo does not equal our state. %s != %s", reqState, state))
	}

	go getAccessCode(reqCode)

	fmt.Printf("Received the authorization code from Monzo: %s", reqCode)
	fmt.Fprintf(w, fmt.Sprintf("Authorization code: %s", reqCode))
}

func authorizeClient() {
	url :=
		fmt.Sprintf("https://auth.monzo.com/?client_id=%s&redirect_uri=%s&response_type=code&state=%s",
			clientId, redirectUri, state)
	exec.Command("google-chrome", url).Start()
}

func main() {
	authorizeClient()
	http.HandleFunc("/authorize", handleRedirect)
	go log.Fatal(http.ListenAndServe(":8080", nil))
}
Begin supporting Monzo OAuth 2.0 login flow What's done: - Basic support of the client authorization grant stage of the OAuth login flow: - Open Google Chrome to point the user to Monzo's client authorization page. - Created a web server to retrieve the authorization code from Monzo. What's left: - Pulling the authorization grant (i.e. code) from Monzo's request and exchanging it for an access token and a refresh token, which can be used to make subsequent requests. Unanswered question: - Assuming this is a stateless app, where should I store the access token and refresh token to avoid the authorization flow. I'd like to avoid the client authorization flow because ideally I could run this app as a job that runs periodically throughout the day without requiring my interactions with it. Some interesting notes: - Notice how in the .envrc file, it's possible to make calls to `pass`. This allows me to check in the .envrc files without obscuring their content. It also allows me to consume these values in my app by using `os.Getenv("client_secret")`, which I find straightforward. Overall, I'm quite pleased to have stumbled upon this pattern - assuming that it's secure. 2020-02-04 23:54:47 +01:00			`// Creating a job to import Monzo transactions into YNAB.`
			`//`
			`// This is going to run N times per 24 hours.`

			`package main`

			`import (`
			`"fmt"`
			`"log"`
			`"net/http"`
			`"os"`
			`"os/exec"`
			`)`

			`var (`
			`clientId = os.Getenv("client_id")`
			`clientSecret = os.Getenv("client_secret")`
Further support Monzo OAuth2.0 login flow I'm now pulling the authorization code off of Monzo's request to my redirect URI. I intend to use exchange that code for an access and refresh token. Once I have these two items, I should be able to interact with Monzo's API much more easily. 2020-02-05 18:58:32 +01:00			`accessToken = nil`
			`refreshToken = nil`
Begin supporting Monzo OAuth 2.0 login flow What's done: - Basic support of the client authorization grant stage of the OAuth login flow: - Open Google Chrome to point the user to Monzo's client authorization page. - Created a web server to retrieve the authorization code from Monzo. What's left: - Pulling the authorization grant (i.e. code) from Monzo's request and exchanging it for an access token and a refresh token, which can be used to make subsequent requests. Unanswered question: - Assuming this is a stateless app, where should I store the access token and refresh token to avoid the authorization flow. I'd like to avoid the client authorization flow because ideally I could run this app as a job that runs periodically throughout the day without requiring my interactions with it. Some interesting notes: - Notice how in the .envrc file, it's possible to make calls to `pass`. This allows me to check in the .envrc files without obscuring their content. It also allows me to consume these values in my app by using `os.Getenv("client_secret")`, which I find straightforward. Overall, I'm quite pleased to have stumbled upon this pattern - assuming that it's secure. 2020-02-04 23:54:47 +01:00			`)`

			`const (`
			`state = "xyz123"`
			`redirectUri = "http://localhost:8080/authorize"`
			`)`

Further support Monzo OAuth2.0 login flow I'm now pulling the authorization code off of Monzo's request to my redirect URI. I intend to use exchange that code for an access and refresh token. Once I have these two items, I should be able to interact with Monzo's API much more easily. 2020-02-05 18:58:32 +01:00			`func getAccessCode(string authCode) {`
			`form := map[string]string{`
			`"grant_type": "authorization_code",`
			`"client_id": client_id,`
			`"client_secret": client_secret,`
			`"redirect_uri": redirectUri,`
			`"code": authCode,`
			`}`
			`json := map[string]string{`
			`"access_token": "access_token",`
			`"client_id": "client_id",`
			`"expires_in": 21600,`
			`"refresh_token": "refresh_token",`
			`"token_type": "Bearer",`
			`"user_id": "user_id",`
			`}`

			`// TODO: Handle retry with backoff logic here.`
			`resp, error := http.Post("https://api.monzo.com/oauth2/token", form.Form(), json.Json())`
			`if err != nil {`
			`log.Fatal("Could not exchange authorization code for an access token.")`
			`}`

			`resp.Body()`
			`}`

Begin supporting Monzo OAuth 2.0 login flow What's done: - Basic support of the client authorization grant stage of the OAuth login flow: - Open Google Chrome to point the user to Monzo's client authorization page. - Created a web server to retrieve the authorization code from Monzo. What's left: - Pulling the authorization grant (i.e. code) from Monzo's request and exchanging it for an access token and a refresh token, which can be used to make subsequent requests. Unanswered question: - Assuming this is a stateless app, where should I store the access token and refresh token to avoid the authorization flow. I'd like to avoid the client authorization flow because ideally I could run this app as a job that runs periodically throughout the day without requiring my interactions with it. Some interesting notes: - Notice how in the .envrc file, it's possible to make calls to `pass`. This allows me to check in the .envrc files without obscuring their content. It also allows me to consume these values in my app by using `os.Getenv("client_secret")`, which I find straightforward. Overall, I'm quite pleased to have stumbled upon this pattern - assuming that it's secure. 2020-02-04 23:54:47 +01:00			`func handleRedirect(w http.ResponseWriter, r *http.Request) {`
Further support Monzo OAuth2.0 login flow I'm now pulling the authorization code off of Monzo's request to my redirect URI. I intend to use exchange that code for an access and refresh token. Once I have these two items, I should be able to interact with Monzo's API much more easily. 2020-02-05 18:58:32 +01:00			// assert that `r.state` is the same as `state`.
			`params := r.URL.Query()`

			`reqState := params["state"][0]`
			`reqCode := params["code"][0]`

			`if reqState != state {`
			`log.Fatal(fmt.Sprintf("Value for state returned by Monzo does not equal our state. %s != %s", reqState, state))`
			`}`

			`go getAccessCode(reqCode)`

			`fmt.Printf("Received the authorization code from Monzo: %s", reqCode)`
			`fmt.Fprintf(w, fmt.Sprintf("Authorization code: %s", reqCode))`
Begin supporting Monzo OAuth 2.0 login flow What's done: - Basic support of the client authorization grant stage of the OAuth login flow: - Open Google Chrome to point the user to Monzo's client authorization page. - Created a web server to retrieve the authorization code from Monzo. What's left: - Pulling the authorization grant (i.e. code) from Monzo's request and exchanging it for an access token and a refresh token, which can be used to make subsequent requests. Unanswered question: - Assuming this is a stateless app, where should I store the access token and refresh token to avoid the authorization flow. I'd like to avoid the client authorization flow because ideally I could run this app as a job that runs periodically throughout the day without requiring my interactions with it. Some interesting notes: - Notice how in the .envrc file, it's possible to make calls to `pass`. This allows me to check in the .envrc files without obscuring their content. It also allows me to consume these values in my app by using `os.Getenv("client_secret")`, which I find straightforward. Overall, I'm quite pleased to have stumbled upon this pattern - assuming that it's secure. 2020-02-04 23:54:47 +01:00			`}`

			`func authorizeClient() {`
			`url :=`
Further support Monzo OAuth2.0 login flow I'm now pulling the authorization code off of Monzo's request to my redirect URI. I intend to use exchange that code for an access and refresh token. Once I have these two items, I should be able to interact with Monzo's API much more easily. 2020-02-05 18:58:32 +01:00			`fmt.Sprintf("https://auth.monzo.com/?client_id=%s&redirect_uri=%s&response_type=code&state=%s",`
Begin supporting Monzo OAuth 2.0 login flow What's done: - Basic support of the client authorization grant stage of the OAuth login flow: - Open Google Chrome to point the user to Monzo's client authorization page. - Created a web server to retrieve the authorization code from Monzo. What's left: - Pulling the authorization grant (i.e. code) from Monzo's request and exchanging it for an access token and a refresh token, which can be used to make subsequent requests. Unanswered question: - Assuming this is a stateless app, where should I store the access token and refresh token to avoid the authorization flow. I'd like to avoid the client authorization flow because ideally I could run this app as a job that runs periodically throughout the day without requiring my interactions with it. Some interesting notes: - Notice how in the .envrc file, it's possible to make calls to `pass`. This allows me to check in the .envrc files without obscuring their content. It also allows me to consume these values in my app by using `os.Getenv("client_secret")`, which I find straightforward. Overall, I'm quite pleased to have stumbled upon this pattern - assuming that it's secure. 2020-02-04 23:54:47 +01:00			`clientId, redirectUri, state)`
			`exec.Command("google-chrome", url).Start()`
			`}`

			`func main() {`
			`authorizeClient()`
			`http.HandleFunc("/authorize", handleRedirect)`
			`go log.Fatal(http.ListenAndServe(":8080", nil))`
			`}`