Commit

readme
kodyxero committed Aug 26, 2019
1 parent ee3b4a7 commit 9ad38a8
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions readme.md
Expand Up @@ -6,7 +6,7 @@ It demonstrates how to:
* retrieve a user authorized API access token,
* retrieve an ID token with the user's identity details
* fetch the Xero Organisations which the user authorized access to
* make a request to the Xero API using an Organisation ID as the tenantId required in the header for API calls made with OAuth 2 tokens,
* make a request to the Xero API using an Organisation ID as the tenantId required in the header for API calls made with OAuth 2 tokens
* use the refresh token to collect a new active access token from the API.

## Setup
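
Review bot: The trailing-comma cleanup in this list reaches only the tenantId item; the first item, "retrieve a user authorized API access token,", still ends with a comma, the next two items have no terminator, and the last one ends with a period. Suggest dropping the comma on the first item as well (and hyphenating "user-authorized") so the list is punctuated consistently.
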
Expand All @@ -22,15 +22,15 @@ npm install
**Setup config.json**


Configure your OAuth 2 credentials in My Apps at developer.xero.com. In the credentials page set your callback URL to the callback URL you would like to test with (ex: localhost:3000/callback) and immediately save the generated clientId and client secret as the secret will only be viewable this one time upon generation. If you need to generate a new secret you can.
Configure your OAuth 2 credentials in My Apps at developer.xero.com. In the credentials page set your callback URL to the callback URL you would like to test with (ex: 'http://localhost:5000/callback') and immediately save the generated clientId and client secret as the secret will only be viewable this one time upon generation. If you need to generate a new secret you can.

Paste your clientId and client secret into the config.json file with the matching callback URL in the 'REDIRCT_URL' field.

_note: I wouldn't recommend using a config.json for storing sensitive credentials in a production app. In production as an industry best practice its better to use a .env file, this is just a proof of concept example._

**Scopes**

You can use the default scopes included in this example config.json, but to expirement with the full list of scopes and what they do please see this list - https://docs.google.com/spreadsheets/d/15yo_HcpmtglKHmqHH20YbKpcECaf1th3EUeGNl5oINk/edit?usp=sharing.
You can use the default scopes included in this example config.json, but to expirement with the full list of scopes and what they do please see [this list](https://developer.xero.com/documentation/oauth2/scopes).

some explanations:
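
Review bot: The callback example in the credentials paragraph moves from localhost:3000 to 'http://localhost:5000/callback', but this commit changes only readme.md, so nothing visible here confirms that the app and the sample config.json actually use port 5000. The readme asks for a matching callback URL in config.json, so please confirm the port against the code, and consider putting the URL in backticks rather than single quotes so the quotes are not copied into the credentials page. Also in this hunk: the new scopes line keeps the "expirement" typo, and the unchanged line above it refers to 'REDIRCT_URL', which should be checked against the real key name in config.json.
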

Expand All @@ -44,6 +44,7 @@ some explanations:
```bash
npm start
```
From the app root page click through the OAuth flow and return to the console to see the results from the API printed. The accessToken and idToken are encoded JSON web tokens (JWT), so the idToken 'claims' are decoded and printed as well to show the details inside. Once the OAuth flow is complete try getting API data back or refreshing the token with the buttons on the /home page.

## Stop
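
Review bot: The paragraph added after the npm start block says the idToken claims are "decoded and printed", which leaves the reader unsure whether the token's signature and claims are validated before the app trusts them. Suggest adding one sentence stating that decoding a JWT is not the same as verifying it, and another noting that the console output contains live access and ID tokens and should not be pasted into issues or shared logs. A blank line between the closing code fence and the new paragraph would also keep the Markdown source readable.
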
