0

We have to migrate to Oauth 2.0. However, I am facing the following issues. Status 400 I believe due to some parameters that may not be entered right. If anyone know what could be wrong or have any idea please let me know.

and this is my code:

pack <- c('curl','xml2','XML', 'plyr', 'dplyr','tidyr', 'httr', 'tools', 'lubridate',
          'jsonlite', 'stringr', 'data.table', 'anytime')
sapply(pack, function(x){ 
  if(!require(x,character.only = T, quietly = T)) {install.packages(x, quiet = T)}
  require(x, quietly = T, character.only = T)
})
#New Xero & WFM Api OAuth 2.0 credentials
Client_ID <- 'YOUR_CLIENT_ID'
Client_secret<- 'YOUR_CLIENT_SECRET'

XTID <- 'YOUR_REFERAL_ID'#Referral_ID 
Redirect_URI <- 'https://xero.com/' #OAuth 2.0 redirect URI

response <- GET(paste0('https://login.xero.com/identity/connect/authorize?response_type=code&client_id=',
       Client_ID,'&redirect_uri=',Redirect_URI,'&scope=workflowmax%20offline_access'))
browseURL(response$url)

It works till here I am able to retrieve the first code, but I can't get the tokens This is what Xero Doc said:

Xero Doc request:

POST https://identity.xero.com/connect/token
authorization: "Basic " + base64encode(client_id + ":" + client_secret)
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=xxxxxx
&redirect_uri=https://myapp.com/redirect

Now trying to get the token I tried several forms. however, they all look really similar.

code <- 'YOUR_CODE'

credentials = list();
credentials['grant_type'] <- "authorization_code"
credentials['code'] <- code
credentials['redirect_uri'] <- Redirect_URI

b64_id_secret <- base64_enc('YOUR_CLIENT_ID:YOUR_CLIENT_SECRET')
# user <- paste("Basic", user, sep = " ")
url <- 'https://identity.xero.com/connect/token'    
POST(url, add_headers('Authorization'= paste0('Basic ', b64_id_secret)), 
         body  = credentials,
         verbose(), encode = 'form')

Response:

Response [https://identity.xero.com/connect/token?grant_type=authorization_code&code=YOUR_CODE&redirect_uri=https://waterlineprojects.com/]
  Date: 2020-11-20 02:48
  Status: 400
  Content-Type: application/json; charset=UTF-8
  Size: 27 B

XERO DOCUMENTATION: https://developer.xero.com/documentation/oauth2/overview

luis vergara
  • 131
  • 1
  • 9
  • In their example they have "authorization" but you have "Authorization". Perhaps it's case sensitve? It's going to be very hard to help you without a proper [reproducible example](https://stackoverflow.com/questions/5963269/how-to-make-a-great-r-reproducible-example). Perhaps you should contact them for support with their API. – MrFlick Nov 20 '20 at 04:00
  • Thank you for your time MrFlick I've tried several times including that lowercase scenario. However, I haven't had any luck yet. The best I can do I guess is to create a reproducible scenario and open a ticket with XERO Support – luis vergara Nov 24 '20 at 04:57

2 Answers2

1

I did my workaround and got it running. This is the way to access the Oauth 2.0.

pack <- c('curl','xml2','XML', 'plyr', 'dplyr','tidyr', 'httr', 'tools', 'lubridate',
          'jsonlite', 'stringr', 'data.table', 'anytime', 'RCurl', 'rvest', 'opnessl', 'jose')
sapply(pack, function(x){ 
  if(!require(x,character.only = T, quietly = T)) {install.packages(x, quiet = T)}
  require(x, quietly = T, character.only = T)
})

#New Xero & WFM Api OAuth 2.0 credentials
Client_ID <- 'YOUR_ID'
Client_secret<- 'YOUR_SECRET'

XTID_Xero <- 'YOUR_XTID'#Referral_ID 
Redirect_URI <- 'YOUR_CALL_BACK_URL' #OAuth 2.0 redirect URI

# Create the app
app <- oauth_app("YOUR_API_NAME",
                 key = Client_ID,
                 secret = Client_secret,
                 redirect_uri = Redirect_URI
  
)
# Create the endpoint
create_endpoint <- function()
{
  request <- "https://identity.xero.com/connect/token"
  authorize <- "https://login.xero.com/identity/connect/authorize"
  access <- "https://identity.xero.com/connect/token"
  httr::oauth_endpoint(request, authorize, access)
}
api <- create_endpoint()

header <- httr::add_headers(Authorization=paste0("Basic ", RCurl::base64Encode(charToRaw(paste0(Client_ID, ":", Client_secret)))))
content_type <- httr::content_type("application/x-www-form-urlencoded")

# Define the scope
scope_WFM <- "openid profile offline_access payroll.employees.read payroll.payruns.read payroll.payslip.read payroll.timesheets.read accounting.transactions.read accounting.reports.read accounting.journals.read"

# Get the code
httr::BROWSE(oauth2.0_authorize_url(api, app, scope = scope_WFM))
#get the code from the URL displayed in your browser
code_xero <- 'YOR_CODE'
state_xero <- 'YOUR_STATE'

token <- httr::oauth2.0_token(
     endpoint = api,
     app = app,
     scope = scope_WFM,
     config_init = c(header, content_type),
     use_basic_auth = TRUE,
     query_authorize_extra = list(prompt = "login"),
     type = "code",
     credentials = oauth2.0_access_token(api, app, code_xero),
     cache = FALSE
   )


  #get your xero-tenant-id
    access <- GET("https://api.xero.com/connections", config = token)
    connections <- content(access, 'text')
    connections <- fromJSON(connections, flatten = T)
Dharman
  • 30,962
  • 25
  • 85
  • 135
luis vergara
  • 131
  • 1
  • 9
  • I am very new to API's and have a question regarding the Redirect_URI. I placed "http://localhost:8080" in my OAuth 2.0 redirect URIs to receive the code_xero and state_xero but keep on receiving errors. Is there a specific URI I have to put in that section to get those codes? Thanks – k3r0 Jul 15 '21 at 02:25
  • Hey k3r0, I did not set an environment to receive the code meaning that I may not be able to help you receive the code response in your host. The way I did it was by using our hosted website "https://yourbusiness.com" then when I you activate httr::BROWSE(oauth2.0_authorize_url(api, app, scope = scope_WFM)) it will automatically open the website you added as URL call back and in the URL itself you will be able to see the code, then copy and past it in your code. Hope this helps in any way, otherwise send me pm. – luis vergara Jul 19 '21 at 02:49
0

looks like you are close. Like MrFlick said without your client ID and starting a case with Xero API tech support (email api@xero.com with your client id and dat of log) its hard to know for sure.

One tip might be it, your redirect URI has to match exactly same value that is in your https://developer.xero.com/myapps/details?appId=<app_uuid> dashboard including an end slash.

Also - what is the body of the 400 error, there should be something like

{
  "error": "invalid_grant"
}

Which will help you deduce what is wrong more easily.

https://developer.xero.com/documentation/oauth2/troubleshooting

SerKnight
  • 2,502
  • 1
  • 16
  • 18
  • Thanks for your answer SerKnight, I've sent a request to xero support to see if they may be able to help me. The error on my end just said HTTP/1.1 400 Bad Request. not sure what is really going on. By the way, I have a matching redirect URI. I don't see any issue there. Thanks! – luis vergara Nov 24 '20 at 04:53