Connecting to Xero and adding a Refresh Auth Workflow

I got my connection to Xero working using the information in this post: Encountered an error: CSRF DETECTED - #6 by jclutterbuck

I then had a need to implement the Refresh Auth workflow, so assuming you've implemented a resource with a custom auth workflow, I added two additional steps to that workflow:

  1. Define a Variable. I called it REFRESH_TOKEN with a value of {{ oauth1.refreshToken }}
  2. Add a Javascript task to base64 encode the client_id and secret
  3. Define another Variable that exports the output of the Javascript task. I called it REFRESH_AUTHORIZATION with a value of {{ javascript6.returnValue }}

Javascript referred to in Step 2

const stringToEncode = 'client_id:client_secret'; // Replace client_id and client_secret with actual values. Separate with a colon.
var encodedToBase64 = btoa(stringToEncode);
return encodedToBase64;

Now, you can create a Refresh Auth workflow with 3 steps:

  1. Create an API request with action type POST and url of https://identity.xero.com/connect/token. Headers of Authorization with a value of Basic REFRESH_AUTHORIZATION and Content-Type with a value of application/x-www-form-urlencoded. Set the Body query type to x-www-form-urlencoded and the body params to grant_type with value of refresh_token and refresh_token with value of REFRESH_TOKEN
  2. Define a Variable called OAUTH_TOKEN with a value of {{ http1.accessToken }}
  3. Define a Variable called REFRESH_TOKEN with a value of {{ http1.refreshToken }}

Pay attention to the variable names; if yours are different, modify the above to suit your chosen variable names.

To test, use the Test auth workflow button, check the timestamps on the variables using the View defined variables button, then test the Refresh Auth Workflow. When checking the defined variables again, you will note the timestamps on OAUTH_TOKEN and REFRESH_TOKEN have advanced.

Hope this helps someone looking to get a Xero resource working.

7 Likes

Hi @Ben_Salt, welcome to the forum!

Thank you for sharing this setup. It will help many members of our Community!

Happy building!

This was very helpful. I think you have to add the scope offline_access to the initial authentication to get the Refresh Token generated from Xero.

The point about checking the variables is well made - e.g. my values were {{ http1.body.access_token }} {{ http1.body.refresh_token }}
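The refresh request from the first post, together with the response checks that the reply about offline_access and field names points to, as an added example that is not part of any post in this thread. The function names and sample values are assumptions; credentials are passed in as parameters rather than typed into the script.

```javascript
// Added example (not from the thread). All token values used with it are constructed.
const TOKEN_URL = 'https://identity.xero.com/connect/token'; // URL from the post

// btoa exists in browsers and recent Node; fall back to Buffer otherwise.
const toBase64 = (s) =>
  typeof btoa === 'function' ? btoa(s) : Buffer.from(s, 'utf8').toString('base64');

// Build the refresh request from the post: Basic auth header plus form-encoded body.
// Credentials are parameters so they can come from a secret store, not a literal in code.
function buildRefreshRequest(clientId, clientSecret, refreshToken) {
  if (!clientId || !clientSecret || !refreshToken) {
    throw new Error('client_id, client_secret and refresh_token are all required');
  }
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
  });
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: {
      Authorization: `Basic ${toBase64(`${clientId}:${clientSecret}`)}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: body.toString(),
  };
}

// Validate the token endpoint's JSON body (standard OAuth 2.0 field names).
// Returns only what the workflow variables need; never log the raw response.
function parseTokenResponse(json) {
  if (json.error) {
    throw new Error(`token endpoint error: ${json.error}`);
  }
  if (typeof json.access_token !== 'string' || json.access_token === '') {
    throw new Error('response has no access_token');
  }
  if (typeof json.refresh_token !== 'string' || json.refresh_token === '') {
    // Per the reply above: check that offline_access was in the initial scopes.
    throw new Error('response has no refresh_token (was offline_access requested?)');
  }
  return { OAUTH_TOKEN: json.access_token, REFRESH_TOKEN: json.refresh_token };
}

// Redact a token for display or logging: keep a short prefix only.
const redact = (token) => `${token.slice(0, 4)}...(${token.length} chars)`;
```

The returned REFRESH_TOKEN replaces the stored one on every refresh, which is what steps 2 and 3 of the Refresh Auth workflow do.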

Hi, thanks, that's more or less exactly what I was looking for, but I have some rookie questions as I'm new to Retool (previously used AppSmith and others).

(a) how do I pass the REFRESH_TOKEN from my previous custom auth (followed the same link you post - it all works) to a new auth - how do I access the token??
(b) Similar really - how do I then save the tokens I get to a database (for later use in workflows) in my Postgres DB?

I'm really struggling to understand how I can get Retool to do this, as the API calls seem to be really quite detached from the rest of the code and inaccessible outside their own environment.

Hi @drReech, within your Custom Auth flow, you can access the REFRESH_TOKEN after it is saved in a variable using {{ http1.refreshToken }}; replace http1 with the correct name that shows up on that step. But why do we need to pass the REFRESH_TOKEN to a new auth?

Do you mean Retool Workflows? User-based authentication is not supported in Workflows.

Hi Paulo,
Thanks for the response - @Darren gave me the perfect response so it's all good.
Saving custom OAuth variables to DB for later access - #6 by Darren
Appreciate the response in any case.