
I am connecting to Xero from my developer app. It looks like Xero has changed some implementation in OAuth2.0 and is storing information about apps already connected, unlike OAuth1.0, where they allowed connecting to any organisation.

Is there any way to select only one organisation while connecting to Xero?


  • As I read it, when you authorise you are presented with the IDs of the organisations that the user is able to connect to, so you could create a user ID that can only connect to one organisation. I don't know whether that still asks you to confirm, or whether it will skip that step when there is only a single option. – droopsnoot Apr 24 '20 at 11:05
  • Tenant ID seems to be the term I mean. – droopsnoot Apr 24 '20 at 11:39

1 Answer


So Xero access_tokens for OAuth2.0 are tied to a single user who can potentially authorize multiple orgs (aka tenants). You are correct that OAuth1.0a was a direct 1-1 org-to-API connection.

If a user authorizes more than one tenant, a few solutions we have seen to solve this UX issue could be:

  • A dropdown in your app - the user selects which org they want to sync out of their authorized connections. Then you pass that tenantId to your api calls.

  • In your code, you filter /connections by the updatedDateUtc - and the most recent one is the tenantId you pass to your api calls.

  • Leverage the /disconnect endpoint and highlight in your UI that only one org may be connected at a time.

Ref to docs: https://developer.xero.com/documentation/oauth2/auth-flow

5. Check the full set of tenants you've been authorized to access
You can verify all the tenants that the user has authorized your app to access by calling the connections endpoint. If the user has authorized your app previously, they may have existing tenant connections. All of the connected tenants can now be accessed with your most recent access token.

Each connection will have a created date and an updated date. If they differ, that means the user is reconnecting this tenant to your app (having previously connected and disconnected it).

GET https://api.xero.com/connections
Authorization: "Bearer " + access_token
Content-Type: application/json

Response:
[
    {
        "id": "c869f3b7-6435-4c7e-8cb2-122721b04a69",
        "tenantId": "45e4708e-d862-4111-ab3a-dd8cd03913e1",
        "tenantType": "ORGANISATION",
        "tenantName": "Demo Company (US)",
        "createdDateUtc": "2020-02-02T19:17:58.1117990",
        "updatedDateUtc": "2020-02-02T19:17:58.1117990"
    },
    {
        "id": "74305bf3-12e0-45e2-8dc8-e3ec73e3b1f9",
        "tenantId": "c3d5e782-2153-4cda-bdb4-cec791ceb90d",
        "tenantType": "ORGANISATION",
        "tenantName": "MY other Sweeet Xero Org",
        "createdDateUtc": "2020-01-30T01:33:36.2717380",
        "updatedDateUtc": "2020-02-02T19:21:08.5739590"
    }
]
SerKnight
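Added example, not code from the question, the answer or Xero's own SDK: it implements the answer's second option, picking the most recently updated ORGANISATION tenant from a /connections response and reporting every other connection id so the app can revoke it rather than silently keep access the user may not expect. The response body is the one quoted in the answer, embedded as a constant so nothing is called over the network; the helper names are my own.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the /connections response quoted in the answer.
SAMPLE_CONNECTIONS = json.loads("""[
  {"id": "c869f3b7-6435-4c7e-8cb2-122721b04a69",
   "tenantId": "45e4708e-d862-4111-ab3a-dd8cd03913e1",
   "tenantType": "ORGANISATION",
   "tenantName": "Demo Company (US)",
   "createdDateUtc": "2020-02-02T19:17:58.1117990",
   "updatedDateUtc": "2020-02-02T19:17:58.1117990"},
  {"id": "74305bf3-12e0-45e2-8dc8-e3ec73e3b1f9",
   "tenantId": "c3d5e782-2153-4cda-bdb4-cec791ceb90d",
   "tenantType": "ORGANISATION",
   "tenantName": "MY other Sweeet Xero Org",
   "createdDateUtc": "2020-01-30T01:33:36.2717380",
   "updatedDateUtc": "2020-02-02T19:21:08.5739590"}
]""")


def parse_xero_utc(value: str) -> datetime:
    """Parse Xero's 7-digit fractional-second timestamps as aware UTC.

    %f accepts at most six digits, so the fraction is truncated to
    microseconds first (a missing fraction is padded with zeros).
    """
    base, _, frac = value.partition(".")
    frac = (frac + "000000")[:6]
    naive = datetime.strptime(f"{base}.{frac}", "%Y-%m-%dT%H:%M:%S.%f")
    return naive.replace(tzinfo=timezone.utc)


def choose_tenant(connections):
    """Return (chosen_tenant_id, stale_connection_ids).

    The most recently updated organisation is the one the user just
    authorised; the remaining connection ids are returned so the caller
    can disconnect them (the answer's single-org policy).
    """
    orgs = [c for c in connections if c.get("tenantType") == "ORGANISATION"]
    if not orgs:
        raise ValueError("no ORGANISATION tenant in /connections response")
    orgs.sort(key=lambda c: parse_xero_utc(c["updatedDateUtc"]), reverse=True)
    return orgs[0]["tenantId"], [c["id"] for c in orgs[1:]]


def reconnected(connection) -> bool:
    """True when created and updated dates differ (user re-authorised)."""
    return (parse_xero_utc(connection["createdDateUtc"])
            != parse_xero_utc(connection["updatedDateUtc"]))
```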