0

I have a web based application which can connect to customer Xero accounts using an uncertified/private app to submit invoice information. I understand there is a limit of 25 web connections for uncertified web apps, but it appears that these connections have been consumed by clients that are not actively using the web app.

I was under the impression that only 'Active' organisations would count towards this limit. Am I wrong to assume that 'Active' is based on Organisations with current (non expired) tokens?

When using the OAuth2.0 method for connecting the organisations (Using the Xero Nuget package and not requesting 'offline' in the 'scope'), the returned access token has an expiry of 30 minutes as expected:

AccessToken:{THE TOKEN}
ExpiresAtUtc: {UTC time + 30 mins}
IdToken: null
RefreshToken: null

There is no refresh token, so the connection should expire after the ExpiresAtUtc time?, however this time comes and goes and the Web App connected number in the Xero dashboard does not come back down. This is a issue as after 30 minutes, I don't believe I have a way of forcibly disconnecting clients as the token I have is no longer valid. In the event that a client connects and then never uses it again, how can I reclaim the connection?

I have considered going down the Xero partner route which has a much higher connection limit, but I wasn't anticipating having to do this anytime soon, based on the number of users I have (especially concurrent users).

Any help would be greatly appreciated.

RandomDev
  • 1

1 Answers1

0

Connections will still count towards the limit unless the Token has been manually revoked (not just let to expire) or the Connection is manually deleted. A client without a valid token but still with a connection will have the connected organisations preselected when going through the authorisation process.

To manually delete the connection I suggest following the docs here:

https://developer.xero.com/documentation/guides/oauth2/tenants/#removing-access-to-a-tenant

Dig
  • 11
  • 3