Sample code for 30+ languages & platforms
Chilkat2-Python

Xero OAuth1 Authorization (3-legged)

Demonstrates 3-legged OAuth1 authorization for Xero

Chilkat Chilkat2-Python Downloads

Chilkat2-Python
import sys
import chilkat2

success = False

consumerKey = "XERO_CONSUMER_KEY"
consumerSecret = "XERO_CONSUMER_SECRET"

requestTokenUrl = "https://api.xero.com/oauth/RequestToken"
authorizeUrl = "https://api.xero.com/oauth/Authorize"
accessTokenUrl = "https://api.xero.com/oauth/AccessToken"

# The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl = "http://localhost:3017/"
callbackLocalPort = 3017

# The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http = chilkat2.Http()

http.OAuth1 = True
http.OAuthConsumerKey = consumerKey
http.OAuthConsumerSecret = consumerSecret
http.OAuthCallback = callbackUrl

req = chilkat2.HttpRequest()

req.HttpVerb = "POST"
req.ContentType = "application/x-www-form-urlencoded"

resp = chilkat2.HttpResponse()
success = http.HttpReq(requestTokenUrl,req,resp)
if (success == False):
    print(http.LastErrorText)
    sys.exit()

# If successful, the resp.BodyStr contains something like this:  
# oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
print(resp.BodyStr)

hashTab = chilkat2.Hashtable()
hashTab.AddQueryParams(resp.BodyStr)

requestToken = hashTab.LookupStr("oauth_token")
requestTokenSecret = hashTab.LookupStr("oauth_token_secret")
http.OAuthTokenSecret = requestTokenSecret

print("oauth_token = " + requestToken)
print("oauth_token_secret = " + requestTokenSecret)

# ---------------------------------------------------------------------------
# The next step is to form a URL to send to the authorizeUrl
# This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser = chilkat2.StringBuilder()
sbUrlForBrowser.Append(authorizeUrl)
sbUrlForBrowser.Append("?oauth_token=")
sbUrlForBrowser.Append(requestToken)
url = sbUrlForBrowser.GetAsString()

# When the urlForBrowser is loaded into a browser, the response from Xero will redirect back to localhost:3017
# We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock = chilkat2.Socket()

backLog = 5
success = listenSock.BindAndListen(callbackLocalPort,backLog)
if (success == False):
    print(listenSock.LastErrorText)
    sys.exit()

# Wait for the browser's connection in a background thread.
# (We'll send load the URL into the browser following this..)
# Wait a max of 60 seconds before giving up.
sock = chilkat2.Socket()
maxWaitMs = 60000
# task is a CkTask
task = listenSock.AcceptNextAsync(maxWaitMs,sock)
task.Run()

# Launch the system's default browser navigated to the URL.
oauth2 = chilkat2.OAuth2()
success = oauth2.LaunchBrowser(url)
if (success == False):
    print(oauth2.LastErrorText)
    sys.exit()

# Wait for the listenSock's task to complete.
success = task.Wait(maxWaitMs)
if (not success or (task.StatusInt != 7) or (task.TaskSuccess != True)):
    if (not success):
        # The task.LastErrorText applies to the Wait method call.
        print(task.LastErrorText)
    else:
        # The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        print(task.Status)
        print(task.ResultErrorText)

    sys.exit()

# If we get to this point, the connection from the browser arrived and was accepted.

# We no longer need the listen socket...
# Stop listening on port 3017.
listenSock.Close(10)

# Read the start line of the request..
startLine = sock.ReceiveUntilMatch("\r\n")
if (sock.LastMethodSuccess == False):
    print(sock.LastErrorText)
    sys.exit()

# Read the request header.
requestHeader = sock.ReceiveUntilMatch("\r\n\r\n")
if (sock.LastMethodSuccess == False):
    print(sock.LastErrorText)
    sys.exit()

# The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
# Once the request header is received, we have all of it.
# We can now send our HTTP response.
sbResponseHtml = chilkat2.StringBuilder()
sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>")

sbResponse = chilkat2.StringBuilder()
sbResponse.Append("HTTP/1.1 200 OK\r\n")
sbResponse.Append("Content-Length: ")
sbResponse.AppendInt(sbResponseHtml.Length)
sbResponse.Append("\r\n")
sbResponse.Append("Content-Type: text/html\r\n")
sbResponse.Append("\r\n")
sbResponse.AppendSb(sbResponseHtml)

sock.SendString(sbResponse.GetAsString())
sock.Close(50)

# The information we need is in the startLine.
# For example, the startLine will look something like this:
#  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0 HTTP/1.1
sbStartLine = chilkat2.StringBuilder()
sbStartLine.Append(startLine)
numReplacements = sbStartLine.Replace("GET /?","")
numReplacements = sbStartLine.Replace(" HTTP/1.1","")
sbStartLine.Trim()

# oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd&org=mUkIZabcdKEababcd189t0
print("startline: " + sbStartLine.GetAsString())

hashTab.Clear()
hashTab.AddQueryParams(sbStartLine.GetAsString())

requestToken = hashTab.LookupStr("oauth_token")
authVerifier = hashTab.LookupStr("oauth_verifier")

# ------------------------------------------------------------------------------
# Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

http.OAuthToken = requestToken
http.OAuthVerifier = authVerifier

req.HttpVerb = "POST"
req.ContentType = "application/x-www-form-urlencoded"

success = http.HttpReq(accessTokenUrl,req,resp)
if (success == False):
    print(http.LastErrorText)
    sys.exit()

# Make sure a successful response was received.
if (resp.StatusCode != 200):
    print(resp.StatusLine)
    print(resp.Header)
    print(resp.BodyStr)
    sys.exit()

# If successful, the resp.BodyStr contains something like this:
# oauth_token=85123455-fF41296Bi3daM8eCo9Y5vZabcdxXpRv864plYPOjr&oauth_token_secret=afiYJOgabcdSfGae7BDvJVVTwys8fUGpra5guZxbmFBZo&oauth_expires_in=1800&xero_org_muid=abcdecNhPKabcdNjz189t0
print(resp.BodyStr)

hashTab.Clear()
hashTab.AddQueryParams(resp.BodyStr)

accessToken = hashTab.LookupStr("oauth_token")
accessTokenSecret = hashTab.LookupStr("oauth_token_secret")
orgMuid = hashTab.LookupStr("xero_org_muid")
expiresIn = hashTab.LookupStr("oauth_expires_in")

# The access token + secret is what should be saved and used for
# subsequent REST API calls.
print("Access Token = " + accessToken)
print("Access Token Secret = " + accessTokenSecret)
print("xero_org_muid = " + orgMuid)
print("oauth_expires_in  = " + expiresIn)

# Save this access token for future calls.
# Just in case we need xero_org_muid and oauth_expires_in, save those also..
json = chilkat2.JsonObject()
json.AppendString("oauth_token",accessToken)
json.AppendString("oauth_token_secret",accessTokenSecret)
json.AppendString("xero_org_muid",orgMuid)
json.AppendString("oauth_expires_in",expiresIn)

fac = chilkat2.FileAccess()
fac.WriteEntireTextFile("qa_data/tokens/xero.json",json.Emit(),"utf-8",False)

print("Success.")