I’ve run into an issue while developing a Quickbooks Online integration using the Custom Integration API. Since the Quickbooks oauth2 flow allows for a range of companies to be selected in the web UI for authorization, the authorization code response contains the realmId (company id) of the particular company that the user selected.
Example Authorization Code Response
https://www.mydemoapp.com/oauth-redirect?
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
state=security_token%3D138r5719ru3e1%26url%3Dhttps://www.mydemoapp.com/oauth-redirect&
realmId=1231434565226279
Currently it seems that only the code and state are taken from the authorization code response and used for the token request body. Would it be possible to return the response parameters dynamically so that the realmId and other potential response values can be used?