(DataFlex) Get a Xero OAuth2 Access Token via PKCE

See more Xero Examples

Gets a Xero OAuth2 access token via PKCE.

For more information, see https://github.com/XeroAPI/Xero-Postman-Tutorial-PKCE-Edition

Chilkat ActiveX Downloads

ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-win32.pkg

Procedure Test
Handle hoOauth2
Boolean iSuccess
String sUrl
Integer iNumMsWaited
Handle hoSbJson
String sTemp1
Integer iTemp1
Boolean bTemp1

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

Get Create (RefClass(cComChilkatOAuth2)) To hoOauth2
If (Not(IsComObjectCreated(hoOauth2))) Begin
Send CreateComObject of hoOauth2
End

// For Xero OAuth2, set the listen port equal to the port used
// in the Authorized Redirect URL for the Client ID.
// For example, in this case the Authorized Redirect URL would be http://localhost:55568/
// (The final "/" char is important to include in your Authorized Redirect URL in the Xero application settings in the Xero developer portal.)
// Your app should choose a port not likely not used by any other application.
// See Xero OAuth2 for Desktop Apps for more information.
Set ComListenPort Of hoOauth2 To 55568

Set ComAuthorizationEndpoint Of hoOauth2 To "https://login.xero.com/identity/connect/authorize"
Set ComTokenEndpoint Of hoOauth2 To "https://identity.xero.com/connect/token"

// Replace this with your actual Client ID.
Set ComClientId Of hoOauth2 To "XERO_APP_OAUTH2_CLIENT_ID"

// To use PKCE, enable code challenge and set the code challenge method to "S256".
Set ComCodeChallenge Of hoOauth2 To True
Set ComCodeChallengeMethod Of hoOauth2 To "S256"

// See https://developer.xero.com/documentation/oauth2/scopes for a complete list of scopes.
// You will need to change the scopes depending on what access is needed..
Set ComScope Of hoOauth2 To "openid profile email accounting.transactions accounting.attachments accounting.settings payroll.employees offline_access"

// Begin the OAuth2 three-legged flow. This returns a URL that should be loaded in a browser.
Get ComStartAuth Of hoOauth2 To sUrl
Get ComLastMethodSuccess Of hoOauth2 To bTemp1
If (bTemp1 <> True) Begin
Get ComLastErrorText Of hoOauth2 To sTemp1
Showln sTemp1
Procedure_Return
End

Showln "URL: " sUrl

// At this point, your application should load the URL in a browser.
// For example,
// in C#: System.Diagnostics.Process.Start(url);
// in Java: Desktop.getDesktop().browse(new URI(url));
// in VBScript: Set wsh=WScript.CreateObject("WScript.Shell")
// wsh.Run url
// in Xojo: ShowURL(url) (see http://docs.xojo.com/index.php/ShowURL)
// in Dataflex: Runprogram Background "c:\Program Files\Internet Explorer\iexplore.exe" sUrl
// in dBASE: run(false, 'rundll32 url.dll,FileProtocolHandler "' + lcUrl + '"')
// The Google account owner would interactively accept or deny the authorization request.

// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// Add the code to load the url in a web browser here...
// System.Diagnostics.Process.Start(url);

// Now wait for the authorization.
// We'll wait for a max of 60 seconds.
Move 0 To iNumMsWaited
While ((iNumMsWaited < 60000) And ((ComAuthFlowState(hoOauth2)) < 3))
Send ComSleepMs To hoOauth2 100
Move (iNumMsWaited + 100) To iNumMsWaited
Loop

// If there was no response from the browser within 30 seconds, then
// the AuthFlowState will be equal to 1 or 2.
// 1: Waiting for Redirect. The OAuth2 background thread is waiting to receive the redirect HTTP request from the browser.
// 2: Waiting for Final Response. The OAuth2 background thread is waiting for the final access token response.
// In that case, cancel the background task started in the call to StartAuth.
Get ComAuthFlowState Of hoOauth2 To iTemp1
If (iTemp1 < 3) Begin
Get ComCancel Of hoOauth2 To iSuccess
Showln "No response from the browser!"
Procedure_Return
End

// Check the AuthFlowState to see if authorization was granted, denied, or if some error occurred
// The possible AuthFlowState values are:
// 3: Completed with Success. The OAuth2 flow has completed, the background thread exited, and the successful JSON response is available in AccessTokenResponse property.
// 4: Completed with Access Denied. The OAuth2 flow has completed, the background thread exited, and the error JSON is available in AccessTokenResponse property.
// 5: Failed Prior to Completion. The OAuth2 flow failed to complete, the background thread exited, and the error information is available in the FailureInfo property.
Get ComAuthFlowState Of hoOauth2 To iTemp1
If (iTemp1 = 5) Begin
Showln "OAuth2 failed to complete."
Get ComFailureInfo Of hoOauth2 To sTemp1
Showln sTemp1
Procedure_Return
End

Get ComAuthFlowState Of hoOauth2 To iTemp1
If (iTemp1 = 4) Begin
Showln "OAuth2 authorization was denied."
Get ComAccessTokenResponse Of hoOauth2 To sTemp1
Showln sTemp1
Procedure_Return
End

Get ComAuthFlowState Of hoOauth2 To iTemp1
If (iTemp1 <> 3) Begin
Get ComAuthFlowState Of hoOauth2 To iTemp1
Showln "Unexpected AuthFlowState:" iTemp1
Procedure_Return
End

// Save the full JSON access token response to a file.
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbJson
If (Not(IsComObjectCreated(hoSbJson))) Begin
Send CreateComObject of hoSbJson
End
Get ComAccessTokenResponse Of hoOauth2 To sTemp1
Get ComAppend Of hoSbJson sTemp1 To iSuccess
Get ComWriteFile Of hoSbJson "qa_data/tokens/xero-access-token.json" "utf-8" False To iSuccess

// The saved JSON response looks like this:

// {
// "access_token": "...",
// "token_type": "Bearer",
// "expires_in": 3600,
// "refresh_token": "..."
// }
//
Showln "OAuth2 authorization granted!"
Get ComAccessToken Of hoOauth2 To sTemp1
Showln "Access Token = " sTemp1

End_Procedure