Getting "unsupported_grant_type" when trying to refresh xero API token

Question

I don't understand how to use offline_access. Could you send me for example how do it? And where can I get a new Refresh token?

I added offline_access For all my users. And how can I use this? For generate a new refresh token.

I have this method

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
'clientId' => $client,
'clientSecret' => $secret,
'redirectUri' => 'https://site/xeroreports',
'urlAuthorize' => 'https://login.xero.com/identity/connect/authorize',
'urlAccessToken' => 'https://identity.xero.com/connect/token',
'urlResourceOwnerDetails' => 'https://identity.xero.com/resources'
]);

$newAccessToken = $provider->getAccessToken('refresh_token', [
'refresh_token' => $xero_refresh
]);

but I get only accses token

If I use

    $client = new \GuzzleHttp\Client();
    
    $response1 = $client->request('POST', 'https://identity.xero.com/connect/token', [
    'body' => '{"grant_type":"refresh_token", "refresh_token":"'. $xero_refresh .'"}',
    'headers' => [
    'Authorization' => 'Basic ' . $authpas,
    'Content-Type' => "application/x-www-form-urlencoded",
    ],
    ]); 
echo $newRefreshToken = $response1->getBody();

I have an error

Type: GuzzleHttp\Exception\ClientException Code: 400 Message: Client error: `POST https://identity.xero.com/connect/token` resulted in a `400 Bad Request` response: {error: unsupported_grant_type}

@nice_dev Xero PHP SDK itself uses GuzzleHTTP underneath the hood — thethakuri, May 22 '23 at 10:47
@thethakuri Guzzle will require you to wire the code in Xero's style whereas Xero already provides the boilerplate, enabling us to only change a few tit-bits here and there. — nice_dev, May 22 '23 at 11:17

score 0 · Accepted Answer · answered Aug 25 '22 at 05:59

$newAccessToken = $provider->getAccessToken('refresh_token', [
 'refresh_token' => $xero_refresh
]);

In the above snippet $newAccessToken isn't a string but an object. To get the new refresh token, it is just $newAccessToken->getRefreshToken() as mentioned in their wiki.

score 0 · Answer 2 · answered May 22 '23 at 10:46

I might be little late to the party but I think I should put in my 2 cents.

You're setting the content-type as application/x-www-form-urlencoded but the body is passed as JSON object.

Following code should work:

$client = new \GuzzleHttp\Client();

$response1 = $client->request('POST', 'https://identity.xero.com/connect/token', [
'headers' => [
'Authorization' => 'Basic ' . $authpas,
'Content-Type' => "application/x-www-form-urlencoded"
],
'form_params' => [
    "grant_type" => "refresh_token",
    "client_id" => $client,
    "refresh_token" => $xero_refresh
],
]);

echo $newRefreshToken = $response1->getBody();

Getting "unsupported_grant_type" when trying to refresh xero API token

2 Answers2