langleyfoxall / xero-laravel

💸 Access the Xero accounting system using an Eloquent-like syntax
https://packagist.org/packages/langleyfoxall/xero-laravel
GNU Lesser General Public License v3.0

How to capture Oauth2 response for access token? #43

Closed TG-NC closed 3 years ago

TG-NC commented 3 years ago

Hi,

I'm having trouble understanding how to set up the Oauth2 authorisation in a controller. I have created a XeroController and used the redirectUserToXero() function to get a redirect response back from Xero. However, I am unable to pass the redirect response received from redirectUserToXero() into the handleCallbackFromXero() function. Is there a step I'm missing? I'm unsure how to make the two functions connect.

seanmccabe commented 3 years ago

Need to make an appropriate route in your routes/web.php file to each of these functions within the controller.

web.php

```php
Route::get('/login/xero', 'XeroController@redirectUserToXero');
```

Whatever url you put into the Xero application as the return url, this should be in your routes file and pointing to handleCallbackFromXero().

web.php

```php
Route::get('/login/xero/callback', 'XeroController@handleCallbackFromXero');
```

TG-NC commented 3 years ago

That definitely helped. I am now able to redirect the user to Xero properly. Unfortunately, the redirect URI that Xero returns is throwing a 403 error. How do I allow access to my site from Xero to get the return access token?

seanmccabe commented 3 years ago

> That definitely helped. I am now able to redirect the user to Xero properly. Unfortunately, the redirect URI that Xero returns is throwing a 403 error. How do I allow access to my site from Xero to get the return access token?

Need to ensure that that route doesn't include the auth middleware

abhimanusharma commented 3 years ago

```
{message: "Invalid `state`. Request may have been tampered with.",…}
exception: "LangleyFoxall\\XeroLaravel\\Exceptions\\InvalidOAuth2StateException"
file: "/var/www/html/project_dev/vendor/langleyfoxall/xero-laravel/src/OAuth2.php"
line: 108
message: "Invalid `state`. Request may have been tampered with."
trace: [{file: "/var/www/html/project_dev/app/Service/XeroApiService.php", line: 25,…},…]
```

Same issue with me. We wanted to use this project with a REST API, but when I try to call the API after returning to the website, I get this error.

I am making a GET request using axios from my Vue app to Laravel like this.

```js
// HTTP is the app's axios instance (not shown in the post).
// Forward the query parameters Xero appended to the redirect to the Laravel API.
let xero_callback = this.$route.query;
if (xero_callback.code) {
  let data = {
    params: {
      code: xero_callback.code,
      scope: xero_callback.scope,
      state: xero_callback.state,
      session_state: xero_callback.session_state,
    }
  };
  HTTP.get(`api/xero/callback`, data)
    .then(response => {
      console.log(response.data);
    })
    .catch(error => {
      console.log(error);
    });
}
```

seanmccabe commented 3 years ago

The Oauth2 system there can't be used like that.

You will more than likely need to wait for Xero's machine-to-machine implementation, which is due out at the end of May. See their dev area for info.

abhimanusharma commented 3 years ago

@seanmccabe

I have tried to call the action with a web HTTP request in the browser (no API request) but got the same error. Can you display or explain the way to manage the request on callback after returning from the Xero auth URL?

Exception

```
LangleyFoxall\XeroLaravel\Exceptions\InvalidOAuth2StateException: Invalid `state`. Request may have been tampered with. in /var/www/html/project_dev/vendor/langleyfoxall/xero-laravel/src/OAuth2.php:108
Stack trace:
#0 /var/www/html/project_dev/app/Service/XeroApiService.php(27): LangleyFoxall\XeroLaravel\OAuth2->getAccessTokenFromXeroRequest(Object(Illuminate\Http\Request))
#1 /var/www/html/project_dev/app/Http/Controllers/Xero/XeroController.php(27): App\Service\XeroApiService->handleCallback(Object(Illuminate\Http\Request))
#2 /var/www/html/project_dev/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): App\Http\Controllers\Xero\XeroController->handleCallbackFromXero(Object(Illuminate\Http\Request))
#3 /var/www/html/project_dev/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction('handleCallbackF...', Array)
#4
```

Note: I do not have any middleware in my routes for redirectUserToXero() and the callback route; even then, this is the error I am getting.

TG-NC commented 3 years ago

It turns out I was getting a forbidden 403 error because I was developing on our localhost platform. Xero refuses to work with a non-secure website (http vs https). So once I set up a testing environment on the live site it worked perfectly. Alternatively, I believe that there are ways to secure your localhost, but I had run out of time to implement this.

dhinesh-kumar-m commented 3 years ago

I faced the same issue; it's just because of using http://127.0.0.1:8000/ instead of http://localhost:8000
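
The `Invalid state` failures reported in this thread, as an added example in plain PHP (not xero-laravel's code): the `state` check only passes when the callback request carries the same session that started the login. It assumes the state is kept in the server-side session; the function names, the `oauth2_state` key and the sample hosts are constructed for illustration.

```php
<?php
// Added illustration, not xero-laravel code. Models a server-side session
// store and a browser cookie jar scoped per host (all data constructed).

$sessions  = []; // server side: session id => session data
$cookieJar = []; // browser side: host => session id cookie

// Step 1: the user opens the login route on $host. The server creates a
// session, stores a random state in it, and the browser keeps the session
// cookie for that host only.
function startLogin(string $host, array &$sessions, array &$cookieJar): string
{
    $sessionId = bin2hex(random_bytes(16));
    $state     = bin2hex(random_bytes(16));
    $sessions[$sessionId] = ['oauth2_state' => $state]; // hypothetical key name
    $cookieJar[$host]     = $sessionId;
    return $state; // travels to the provider in the authorization URL
}

// Step 2: the provider redirects back with ?state=... The server compares it
// with the state stored in the session identified by the cookie on THIS request.
function handleCallback(?string $sessionId, string $returnedState, array $sessions): bool
{
    $expected = $sessions[$sessionId ?? '']['oauth2_state'] ?? null;
    // No session, or no stored state: rejected exactly like a forged state.
    return $expected !== null && hash_equals($expected, $returnedState);
}

$state = startLogin('localhost:8000', $sessions, $cookieJar);

$cases = [
    'callback on localhost, session cookie sent'     => $cookieJar['localhost:8000'] ?? null,
    'callback on 127.0.0.1, no cookie for that host' => $cookieJar['127.0.0.1:8000'] ?? null,
    'stateless API call, no session cookie'          => null,
];

foreach ($cases as $label => $sessionId) {
    $ok = handleCallback($sessionId, $state, $sessions);
    printf("%-48s %s\n", $label, $ok ? 'state valid' : 'Invalid state');
}

// The right session with a state value the server never issued is rejected too.
$forged = handleCallback($cookieJar['localhost:8000'], 'not-the-issued-state', $sessions);
printf("%-48s %s\n", 'correct session, forged state', $forged ? 'state valid' : 'Invalid state');
```

Starting the login and receiving the callback on the same scheme and host, through a route that has session support, keeps the session cookie attached to the callback request.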