I got my connection to Xero working using the information in this post: Encountered an error: CSRF DETECTED - #6 by jclutterbuck
I then had a need to implement the Refresh Auth workflow, so assuming you've implemented a resource with a custom auth workflow, I added two additional steps to that workflow:
- Define a Variable. I called it REFRESH_TOKEN with a value of {{ oauth1.refreshToken }}
- Add a Javascript task to base64 encode the client_id and secret
3 Define another Variable that exports the output of the Javascript task. I called it REFRESH_AUTHORIZATION with a value of {{ javascript6.returnValue }}
Javascript referred to in Step 2
const stringToEncode = 'client_id:client_secret'; // Replace client_id and client_secret with actual values. Separate with a colon.
var encodedToBase64 = btoa(stringToEncode);
return encodedToBase64;
Now, you can create a Refresh Auth workflow with 3 steps:
- Create an API request with action type POST and url of https://identity.xero.com/connect/token. Headers of Authorization with a value of Basic REFRESH_AUTHORIZATION and Content-Type with a value of application/x-www-form-urlencoded. Set the Body query type to x-www-form-urlencoded and the body params to grant_type with value of refresh_token and refresh_token with value of REFRESH_TOKEN
- Define a Variable called OAUTH_TOKEN with a value of {{ http1.accessToken }}
- Define a Variable called REFRESH_TOKEN with a value of {{ http1.refreshToken }}
Pay attention to the variable names, if yours are different, modify the above to suit your chosen variable names.
To test, use the Test auth workflow button, check the timestamps on the variables using the View defined variables button, then test the Refresh Auth Workflow. When checking the defined variables again, you will note the timestamps on OAUTH_TOKEN and REFRESH_TOKEN have advanced.
Hope this helps someone looking to get a Xero resource working.
