sixtree / mule-xero-connector

Mule Xero Cloud Connector

No @OAuth annotation #2

Open scaganoff opened 11 years ago

scaganoff commented 11 years ago

Mule DevKit provides token management capabilities for OAuth. I don't see any of this happening in the Xero connector, so I am concerned that new tokens are being issued for every call rather than once per session. This has performance (and perhaps security) implications.

See: http://www.mulesoft.org/documentation/display/DEVKIT/Authorizing+your+Connector+with+OAuth+2.0

yamen commented 11 years ago

Andy, will let you respond here. My understanding is that Xero just needs an API key and no OAuth 2.0 handshake is required (just OAuth 1.0).

However, I remember you had some work done around a certificate or something?

andyevans commented 11 years ago

Yamen, you've hit it on the head here. The @OAuth annotations have been in the DevKit for a little while but had some additional functionality added in one of the more recent releases for OAuth 2.0 handshaking - I believe this was directly in line with the release of a number of Google cloud connectors which make use of this functionality.

Since Xero uses OAuth 1.0 and has no plans to move to 2.0 as far as I can see, we are able to use the two-legged OAuth approach (or 'private' application as Xero calls it). The pro of this is that once everything is in place we can run processes (e.g. timer-driven) in the background without the need for human/browser interaction in order to get an access token. The con is that there is an extra step in the setup process which requires an organisation to register a private application with Xero, upload a private key etc. in order to obtain a consumer key and secret.
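
The two-legged approach discussed in this thread, as an added example that is not part of the thread and not the connector's own code: each request is signed locally per RFC 5849, so no token is requested or issued per call. Assumptions: the RSA-SHA1 signature method (the thread does not name one), a throwaway key generated at runtime, a placeholder URL and consumer key, and no provider-specific parameters.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class TwoLeggedOAuth1Example {
    // RFC 5849 section 3.6 percent-encoding; URLEncoder differs for ' ', '*' and '~'.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Signature base string (RFC 5849 section 3.4.1). Simplified: one value per name, no URL query string.
    static String baseString(String method, String url, SortedMap<String, String> params) throws Exception {
        StringBuilder joined = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (joined.length() > 0) joined.append('&');
            joined.append(enc(e.getKey())).append('=').append(enc(e.getValue()));
        }
        return method.toUpperCase() + "&" + enc(url) + "&" + enc(joined.toString());
    }

    // Builds the Authorization header locally; no token endpoint is contacted.
    static String authorizationHeader(String method, String url, String consumerKey, PrivateKey key) throws Exception {
        SortedMap<String, String> p = new TreeMap<>();
        p.put("oauth_consumer_key", consumerKey);
        p.put("oauth_nonce", UUID.randomUUID().toString());   // fresh per request
        p.put("oauth_signature_method", "RSA-SHA1");           // assumption, not stated in the thread
        p.put("oauth_timestamp", Long.toString(System.currentTimeMillis() / 1000));
        p.put("oauth_version", "1.0");
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(key);
        signer.update(baseString(method, url, p).getBytes(StandardCharsets.UTF_8));
        p.put("oauth_signature", Base64.getEncoder().encodeToString(signer.sign()));
        StringBuilder header = new StringBuilder("OAuth ");
        for (Map.Entry<String, String> e : p.entrySet()) {
            if (header.length() > 6) header.append(", ");
            header.append(e.getKey()).append("=\"").append(enc(e.getValue())).append('"');
        }
        return header.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey key = gen.generateKeyPair().getPrivate();   // throwaway key, constructed for the demo
        String url = "https://api.example.test/resource";      // placeholder URL
        System.out.println(authorizationHeader("GET", url, "CONSUMER_KEY_PLACEHOLDER", key));
        System.out.println(authorizationHeader("GET", url, "CONSUMER_KEY_PLACEHOLDER", key));
    }
}
```

The two printed headers differ only in nonce, timestamp and signature; the long-lived secret is the private key, which never leaves the host.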