Closed C-Collamar closed 4 years ago
Hi Christian,
Please see this part of the readme: https://github.com/webfox/laravel-xero-oauth2#credential-storage
You're right that the original design of the package assumed you would only connect the application to a single Xero account.
Version two allowed you to change this, but doesn't provide the default mechanism for you to store the new details (as we have no idea what context you'd like to switch).
As for the context on return, that again is up to your application. Remember, the Xero servers, after the user has consented, redirect the user back to your application with the access token, so you have the full session and context of the logged-in user at your disposal; it's not some background request from Xero :)
I hope that helps.
Regards, Matt
It seems by design that this package can only be used for applications that assume the server can only be connected to one Xero account. Is it correct?
Say the resource owner wants to connect with Xero; the client hits the `xero.auth.authorize` endpoint, a consent screen appears, owner consents, then the Xero authorization server sends an auth code directly to our Laravel server. If the auth code is not passed to the user agent first before relaying it to our server, how is our server supposed to know which user to associate the token to?
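The question above and the reply's point about the session come together in the callback handler. The sketch below is an added example, not code from laravel-xero-oauth2 or from either poster: it binds a random OAuth2 `state` value to the session that starts the flow, checks it when the browser returns, and stores the token under that session's user. Sessions and the token store are plain arrays, and every function name, URL and value is a hypothetical or constructed placeholder.

```php
<?php
// Added illustration; framework-free so it runs with plain `php`. All names are hypothetical.
declare(strict_types=1);

/** Step 1: the logged-in user starts the flow; tie a random state to their session. */
function beginAuthorize(array &$session, string $authorizeUrl, string $clientId, string $redirectUri): string
{
    $state = bin2hex(random_bytes(16));
    $session['xero_oauth_state'] = $state;
    return $authorizeUrl . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'state'         => $state,
    ]);
}

/** Step 2: the browser comes back with the same session cookie, plus code and state. */
function handleCallback(array &$session, array $query, array &$tokenStore, callable $exchangeCode): int
{
    $expected = $session['xero_oauth_state'] ?? '';
    unset($session['xero_oauth_state']); // single use: a replayed callback finds nothing
    $given = (string)($query['state'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        throw new RuntimeException('state mismatch: callback does not belong to this session');
    }
    if (!isset($session['user_id'])) {
        throw new RuntimeException('no logged-in user in this session');
    }
    $userId = (int)$session['user_id'];
    // Per-user storage: the token is keyed by the session's user, not stored globally.
    $tokenStore[$userId] = $exchangeCode((string)($query['code'] ?? ''));
    return $userId;
}

// Constructed demo data: one logged-in user and a stand-in for the token exchange.
$session = ['user_id' => 42];
$tokens  = [];
$url = beginAuthorize($session, 'https://auth.example.test/authorize',
    'CLIENT_ID_PLACEHOLDER', 'https://app.example.test/xero/callback');
parse_str((string)parse_url($url, PHP_URL_QUERY), $sent);
$fakeExchange = fn(string $code): array => ['access_token' => 'constructed-token-for-' . $code];

$callback = ['code' => 'constructed-code', 'state' => $sent['state']];
$owner = handleCallback($session, $callback, $tokens, $fakeExchange);
echo "token stored for user {$owner}\n";

try { // the same callback replayed a second time is refused
    handleCallback($session, $callback, $tokens, $fakeExchange);
} catch (RuntimeException $e) {
    echo "replayed callback rejected: {$e->getMessage()}\n";
}
```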