Creating a Custom Authentication Application
Creating a Custom Authentication Application
This section describes how to create custom authentication applications for use with PKCE, OAuth, and custom connections. Developers writing client side applications can use PKCE to test applications locally, because PKCE does not require a client secret.
OAuth
To create and register an OAuth application for desktop, web, or headless servers, and obtain the OAuthClientId and OAuthClientSecret:- Log in to the Xero developer portal.
- Navigate to My Apps > Add Application.
- Choose the application type Auth Code.
- Enter a name for your application and the URL of your company. This information is displayed to users when they connect.
- Add a Redirect URI. The same URI should be set in CallbackURL.
- Click Save. Xero displays the OAuth Client ID of the new application.
- Create a new OAuth Client Secret.
- Set OAuthClientId and OAuthClientSecret to the credentials you just obtained.
Custom Connections
Xero also supports server-to-server OAuth integrations using Custom Connections. Licenses for these connections must be purchased from Xero before they can be used in production organizations. They can also be linked to demo organizations for free.To register a custom connection application in Xero:
- Log in to the Xero developer portal.
- Navigate to My Apps > Add Application.
- Specify an application type of Custom Connection.
- Select a list of scopes to which this application should have access. To avoid permission conflicts when connecting the provider, we recommend that you select all the available scopes. You can also select scopes individually, but if you do this you must update the Scope connection property to match.
- If desired, choose a user to authorize the connection. If you do this, the application can only be linked to an organization that this user can access.
- Click Save and Connect. Xero sends an email to the user you selected, which contains instructions on how to link the application to an organization.
- Wait for the user to link the application.
- Return to the developer portal and open the application settings.
- Click the Configuration tab and scroll to the Client Id. The CLient ID is used to set the OAuthClientId application property.
- Click Generate a Secret.
- Copy the secret you just generated, and apply it to the OAuthClientSecret property.