Sample javascript for an auth popup to connect to Xero's OAuth API
Latest commit 4ec148b Apr 15, 2010 @nikz Xero Login javascript
Failed to load latest commit information.
README.textile Xero Login javascript Apr 15, 2010
example.html Xero Login javascript Apr 15, 2010
prototype.js Xero Login javascript Apr 15, 2010
style.css Xero Login javascript Apr 15, 2010
xero_login.js Xero Login javascript Apr 15, 2010


Xero Login

This is some sample JS to help you along the path of creating a script to show the Authorization screen for Xero’s API in a popup window.

It’s similar to the one in use in MinuteDock.


First, set xero_login_url. This should point to a URL on your system where you generate a request token, and then redirect the user to the Request Token’s authorize url.

In MinuteDock (a Rails app), our action looks kind of like this:

  def new
    xero_gateway =, OAUTH_CONSUMER_SECRET)
    # saving these so we can use them to authorize when the user returns
    session[:request_token]  = xero_gateway.request_token.token
    session[:request_secret] = xero_gateway.request_token.secret
    # now that Xero supports it, you can also specify a :callback_url here.
    redirect_to xero_gateway.request_token.authorize_url

(We’re using Tim Connor’s most excellent Xero Gateway Plugin)

Your Authorize Callback should then run the following Javascript:


(This will close the popup window and tell XeroLogin it’s no longer needed)

You can invoke a XeroLogin by simply instantiating the class:

  new XeroLogin(false, function() {

     // this is the callback that's executed once .logged_in() is called
     alert("Connected successfully!");

You can specify a token expiry time for the first parameter (Xero OAuth tokens expire after 30 minutes). If you do that, then the popup will only
be invoked if the user’s token would have expired since they’ve loaded the page.


Questions, comments & suggestions can be directed to