Martin

Reputation: 11

How to generate an access token in Xero with OAuth 2.0?

I am trying to generate an access and a refresh token using the new Xero authorization via OAuth 2.0 in Postman but the response is always "error": "invalid_client".

I've been following the instructions on https://developer.xero.com/documentation/oauth2/auth-flow, creating the verification code required for generating the access token and using the same client_id which was used for creating the verification code.

Code request:

https://login.xero.com/identity/connect/authorize?response_type=code&client_id=81158066DB8B43A9AEF0DDDCCA627E80&redirect_uri=https://google.com&scope=offline_access openid profile email accounting.transactions&state=123

Response with code:

https://www.google.com/?code=dcc89ab12dcbbbf8490cf5d608c9113fd2a08b89df21cd3083981d9626827130&scope=openid%20profile%20email%20accounting.transactions&state=123&session_state=GntauNK0X33LYCcKjEC4r-lKK9zSuJAPLsYQ14Tc0E8.9c96656e0bb655da4343a4c8e5fa12cb

Access Token request:

POST https://identity.xero.com/connect/token?grant_type=authorization_code&code=dcc89ab12dcbbbf8490cf5d608c9113fd2a08b89df21cd3083981d9626827130&redirect_uri=https://google.com

Headers:

Authorization: "Basic " + base64encode(81158066DB8B43A9AEF0DDDCCA627E80 + ":" + mRbxQuOQ01S8twNg1wxdkwIzrtWN8HGUpYu9wy5kYgFJf2t-)

Content-Type: application/x-www-form-urlencoded


When I use Basic Auth in Postman the response is "error": "unsupported_grant_type".

POST https://identity.xero.com/connect/token?grant_type=authorization_code&code=dcc89ab12dcbbbf8490cf5d608c9113fd2a08b89df21cd3083981d9626827130&redirect_uri=https://google.com

Headers:

Authorization: Basic ODExNTgwNjZEQjhCNDNBOUFFRjBERERDQ0E2MjdFODA6ZE5YY0V2UldqX2YwdVY4X3cyLS1wOTFvZHpOM2doaWN3WnJVM05jUzJjR2VpQVBp

Content-Type: application/x-www-form-urlencoded

Any idea what mistake I am making?

Upvotes: 1

Views: 4088

Answers (2)

Adam Moore

Reputation: 371

If you're using Postman to manually step through the auth flow, here's how you can request an access token:

On the Headers tab, add the Authorization header with your encoded client id and secret (like you described) and then set the content type to application/x-www-form-urlencoded.

Then on the Body tab, choose the x-www-form-urlencoded radio button, then set the grant_type to authorization_code, and set your redirect_url and your code.

All that said, you should only do this if you're troubleshooting the auth flow. If you just want to make API calls you should just use the OAuth2 helper on the Authorization tab https://learning.getpostman.com/docs/postman/sending_api_requests/authorization/#oauth-20

Upvotes: 2
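
The request layout from the answer above, as an added example that is not part of the original posts or Xero's own code: RFC 6749 puts grant_type, code and redirect_uri in the form-encoded body, and keeping the authorization code out of the URL also keeps it out of proxy and server access logs. The credentials, code and callback URL used with it are constructed placeholders, and `misplaced_params` is a hypothetical helper name.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://identity.xero.com/connect/token"  # endpoint from the question
GRANT_PARAMS = ("grant_type", "code", "redirect_uri")


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Build (without sending) the authorization_code token request."""
    # Client authentication: Basic base64(client_id:client_secret)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # Grant parameters go in the form body, not in the query string
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the one in the authorize request
    }).encode()
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def misplaced_params(url, body=b""):
    """List grant parameters present in the query string but missing from the body."""
    in_query = parse_qs(urlsplit(url).query)
    in_body = parse_qs(body.decode())
    return [p for p in GRANT_PARAMS if p in in_query and p not in in_body]


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials
    req = build_token_request("CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
                              "CODE_PLACEHOLDER", "https://example.com/callback")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # Same shape as the request in the question: parameters on the URL, empty body
    bad_url = TOKEN_URL + "?grant_type=authorization_code&code=CODE_PLACEHOLDER"
    print("misplaced:", misplaced_params(bad_url))
```
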

Nirav

Reputation: 64

Can you check that your redirect_uri matches the redirect URI saved against your app, your client id is correct and the scopes are valid?

Upvotes: 0
