## Add Your Environment Variables 
These variables can be set in a `.env` file in the same directory as this notebook. The file should look like this:

```
CLIENT_ID=your_client_id
CLIENT_SECRET=your_client_secret
```
The other option is to set them as variables in your terminal.

## The first cell of the notebook will load the environment variables and required modules and make them available to the notebook.

Requirements can be found in the `requirements.txt` file in the same directory as this notebook.

In [5]:
import requests
from urllib.parse import urlencode
from dotenv import load_dotenv
import os

load_dotenv()

# # # Replace the following values with your actual API credentials # # #

# Environment variables are used to keep your sensitive data safe
CLIENT_ID = os.getenv("CLIENT_ID")
CLIENT_SECRET = os.getenv("CLIENT_SECRET")

# Local variables
redirect_uri = "https://www.matt-thacker.com/redirect"
scope = 'Full'


## OAuth2 Authentication

The following code will walk you through the OAuth2 authentication process. 

The following cell block is the first step to authenticate with the Blackbaud SKY API.

It produces a website that you should copy, paste, and visit in your browser. This will prompt you to log in and authorize the application to access your data.

In [6]:
# Step 1: Get the authorization URL
authorization_url = 'https://oauth2.sky.blackbaud.com/authorization'
params = {
	'response_type': 'code', ## DO NOT CHANGE
	'client_id': CLIENT_ID,  ## DO NOT CHANGE -> comes from the environment variables
	'redirect_uri': redirect_uri, ## DO NOT CHANGE -> comes from the local variables
	'scope': scope ## DO NOT CHANGE -> comes from the local variables
}
url = f'{authorization_url}?{urlencode(params)}'

print(f'Please visit the following URL to authorize the application:\n{url}')



Please visit the following URL to authorize the application:
https://oauth2.sky.blackbaud.com/authorization?response_type=code&client_id=7b1f9c28-90d9-49ee-a3a4-12c3db01ded5&redirect_uri=https%3A%2F%2Fwww.matt-thacker.com%2Fredirect&scope=Full


## Copy the authorization code from the URL and paste it in the next cell to exchange it for an access token.

In [7]:
# Step 2: Get the authorization code from the user
auth_code = '3155d4457cab4a2dbd3c1179645b00d5'


## Exchange the authorization code for an access token

In [8]:
# Step 3: Exchange the authorization code for an access token
token_url = 'https://oauth2.sky.blackbaud.com/token'
payload = {
	'grant_type': 'authorization_code',
	'code': auth_code,
	'client_id': CLIENT_ID,
	'client_secret': CLIENT_SECRET,
	'redirect_uri': redirect_uri
}
response = requests.post(token_url, data=payload)
response_data = response.json()

if 'access_token' not in response_data:
	print(f'Error: {response_data.get("error_description")}')
else:
	access_token = response_data['access_token']
	refresh_token = response_data['refresh_token']
	print(f'Access token: {access_token}\nRefresh token: {refresh_token}')

Access token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjREVjZzVkxIM0FtU1JTbUZqMk04Wm5wWHU3WSIsInR5cCI6IkpXVCJ9.eyJhcHBsaWNhdGlvbmlkIjoiN2IxZjljMjgtOTBkOS00OWVlLWEzYTQtMTJjM2RiMDFkZWQ1IiwiZW52aXJvbm1lbnRpZCI6InAtdm5WQWJEdGZ1MEd5TXFTRG1HLV9xdyIsImVudmlyb25tZW50bmFtZSI6IlNLWSBEZXZlbG9wZXIgQ29ob3J0IEVudmlyb25tZW50IDEiLCJsZWdhbGVudGl0eWlkIjoicC1nVnFyX3lPU2tVcXNFS3RtLVpwSm5BIiwibGVnYWxlbnRpdHluYW1lIjoiU0tZIERldmVsb3BlciBDb2hvcnQiLCJtb2RlIjoiRnVsbCIsInpvbmUiOiJwLXVzYTAxIiwibmFtZWlkIjoiZDliZTZlY2YtOGFiNC00YjUxLThhYWMtZjNiYjQwOGE0NGNhIiwianRpIjoiZDI0ZDY4ZDItZDM4Yi00ZGVmLTk5YWEtOTM3NTMxY2FhMTdhIiwiZXhwIjoxNzE4NDI0NjI2LCJpYXQiOjE3MTg0MjEwMjYsImlzcyI6Imh0dHBzOi8vb2F1dGgyLnNreS5ibGFja2JhdWQuY29tLyIsImF1ZCI6ImJsYWNrYmF1ZCJ9.eb0aOmsGD7dIVtBLWbPMqsfmmhkEJZ6FYkTNbhTFYbQZxRu-KJt6vys-3yS3-NXvfI_0H7dTnGYP84AEz8q5ucn5gvjHWCmG27dqeYclhfamJm16UnSKEI1kuWO7rnrdagA-WN2JFCRvRAs0i2jQNyAkTRzLC6FUwZjA_ev-RKA_ErNJutG6JkitLeK-Ho6NnW3M_bN6-zl1AI9yz0NeTT2NdCppz3sHZ0e7cbCXVaGDUCoj2YVOCNDZZzpj4D1VFaxjNNuZl7gR0XEBHYgB2GsY4Z342fzee0dm

## Refreshing the Access Token  
- Access tokens expire 3600 seconds (60 mins) after they are issued
- Refresh tokens expire 365 days after they are issued

In [None]:
def refresh_access_token(client_id, client_secret, refresh_token):
    """
    Refreshes the access token using the given client ID, client secret, and refresh token.

    :param client_id: The client ID provided by the OAuth2 provider.
    :param client_secret: The client secret provided by the OAuth2 provider.
    :param refresh_token: The refresh token obtained during the initial authentication.
    :return: A dictionary containing the refreshed access token.
    :raises Exception: If the request to refresh the access token fails.
    """


    payload = {
		"client_id": client_id,
		"client_secret": client_secret,
		"refresh_token": refresh_token,
		"grant_type": "refresh_token"
	}

    headers = {
		"Content-Type": "application/x-www-form-urlencoded"
	}

    response = requests.post(token_url, data=payload, headers=headers)


    if response.status_code == 200:
        access_token = response.json()["access_token"]
        refresh_access_token = response.json()["refresh_token"]
        return {
			"access_token": access_token,
			"refresh_token": refresh_token
		}
        return response.json()
    else:
		# Handle error scenarios
        raise Exception(f"Failed to refresh access token: {response.text}")

try:
	new_token_details = refresh_access_token(CLIENT_SECRET, CLIENT_SECRET, refresh_token)
	print("New access token details:", new_token_details)
except Exception as e:
	print(e)