Using Xero's Java SDK to support authentication of multiple private apps?

Question

I am using Xero's Java SDK to build my application. My application is now facing a requirement of having to work with several Xero private apps, therefore I need to manage and performing authentication (OAuth) via the key certificate file and appropriate consumer key and secret.

I was thinking to very simply store these details in a database table and retrieve them appropriately more or less as in the following:

    // create a Xero config instance
    Config config = JsonConfig.getInstance();

    // build config file - details will be obtained from database
    config.setConsumerKey("key");
    config.setConsumerSecret("secret");

    // this line will have me authenticate with the Xero service using the config file built
    XeroClient client = new XeroClient(config);

The problem with this approach is that I am not pointing at the public_privatekey.pfx key file which is another essential element required to authenticate.

The reason why I am not doing so is that the SDK does not seem to support this using the Config instance as shown above - there is no option for me to select the appropriate public_private.pfx file (and neither an option for me to just load the contents of the file). It doesn't make sense to me that an SDK would be missing a feature, therefore questioning my approach; have I overlooked a detail or am I approaching the problem incorrectly?

Answer 1

Take a look at the read me under the heading Customize Request Signing

https://github.com/XeroAPI/Xero-Java/blob/master/README.md

You can provide your own signing mechanism by using the public XeroClient(Config config, SignerFactory signerFactory) constructor. Simply implement the SignerFactory interface with your implementation.

You can also provide a RsaSignerFactory using the public RsaSignerFactory(InputStream privateKeyInputStream, String privateKeyPassword) constructor to fetch keys from any InputStream.