API OAuth 2.0 - XERO acces with R receiving status 400

Question

We have to migrate to Oauth 2.0. However, I am facing the following issues. Status 400 I believe due to some parameters that may not be entered right. If anyone know what could

Answer 1

I did my workaround and got it running. This is the way to access the Oauth 2.0.

pack <- c('curl','xml2','XML', 'plyr', 'dplyr','tidyr', 'httr', 'tools', 'lubridate',
          'jsonlite', 'stringr', 'data.table', 'anytime', 'RCurl', 'rvest', 'opnessl', 'jose')
sapply(pack, function(x){ 
  if(!require(x,character.only = T, quietly = T)) {install.packages(x, quiet = T)}
  require(x, quietly = T, character.only = T)
})

#New Xero & WFM Api OAuth 2.0 credentials
Client_ID <- 'YOUR_ID'
Client_secret<- 'YOUR_SECRET'

XTID_Xero <- 'YOUR_XTID'#Referral_ID 
Redirect_URI <- 'YOUR_CALL_BACK_URL' #OAuth 2.0 redirect URI

# Create the app
app <- oauth_app("YOUR_API_NAME",
                 key = Client_ID,
                 secret = Client_secret,
                 redirect_uri = Redirect_URI
  
)
# Create the endpoint
create_endpoint <- function()
{
  request <- "https://identity.xero.com/connect/token"
  authorize <- "https://login.xero.com/identity/connect/authorize"
  access <- "https://identity.xero.com/connect/token"
  httr::oauth_endpoint(request, authorize, access)
}
api <- create_endpoint()

header <- httr::add_headers(Authorization=paste0("Basic ", RCurl::base64Encode(charToRaw(paste0(Client_ID, ":", Client_secret)))))
content_type <- httr::content_type("application/x-www-form-urlencoded")

# Define the scope
scope_WFM <- "openid profile offline_access payroll.employees.read payroll.payruns.read payroll.payslip.read payroll.timesheets.read accounting.transactions.read accounting.reports.read accounting.journals.read"

# Get the code
httr::BROWSE(oauth2.0_authorize_url(api, app, scope = scope_WFM))
#get the code from the URL displayed in your browser
code_xero <- 'YOR_CODE'
state_xero <- 'YOUR_STATE'

token <- httr::oauth2.0_token(
     endpoint = api,
     app = app,
     scope = scope_WFM,
     config_init = c(header, content_type),
     use_basic_auth = TRUE,
     query_authorize_extra = list(prompt = "login"),
     type = "code",
     credentials = oauth2.0_access_token(api, app, code_xero),
     cache = FALSE
   )


  #get your xero-tenant-id
    access <- GET("https://api.xero.com/connections", config = token)
    connections <- content(access, 'text')
    connections <- fromJSON(connections, flatten = T)

Answer 2

looks like you are close. Like MrFlick said without your client ID and starting a case with Xero API tech support (email api@xero.com with your client id and dat of log) its hard to know for sure.

One tip might be it, your redirect URI has to match exactly same value that is in your https://developer.xero.com/myapps/details?appId=<app_uuid> dashboard including an end slash.

Also - what is the body of the 400 error, there should be something like

{
  "error": "invalid_grant"
}

Which will help you deduce what is wrong more easily.

https://developer.xero.com/documentation/oauth2/troubleshooting