using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using Xero.NetStandard.OAuth2.Models;
using IdentityModel.Client;
using Newtonsoft.Json;
using Xero.NetStandard.OAuth2.Config;
using Xero.NetStandard.OAuth2.Token;
namespace Xero.NetStandard.OAuth2.Client
{
public class XeroClient : IXeroClient
{
/// <summary>
/// OAuth 2.0 client settings. The methods of this class read ClientId, ClientSecret, Scope, State,
/// CallbackUri and the Xero base URIs from it.
/// </summary>
// NOTE(review): this object carries the client secret and is publicly settable — keep it out of logs and serialized output.
public XeroConfiguration xeroConfiguration { get; set; }
// Authorize endpoint wrapper, built once in the constructor from XeroLoginBaseUri.
private readonly RequestUrl _xeroAuthorizeUri;
// HTTP client used for every token, connection and revocation request made by this class.
private readonly HttpClient _httpClient;
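/// <summary>
/// Creates a XeroClient from the given configuration and HttpClient. Can be used in conjunction with the
/// AddHttpClient extension for dependency injection.
/// </summary>
/// <param name="xeroConfig">Client configuration; its XeroLoginBaseUri is used to build the authorize endpoint.</param>
/// <param name="httpClient">HTTP client used for all requests made by this instance.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="xeroConfig"/> or <paramref name="httpClient"/> is null.
/// </exception>
public XeroClient(XeroConfiguration xeroConfig, HttpClient httpClient)
{
    // Reject a missing configuration up front; otherwise the interpolation below
    // fails with a NullReferenceException that does not name the bad argument.
    xeroConfiguration = xeroConfig ?? throw new ArgumentNullException(nameof(xeroConfig));
    _httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
    _xeroAuthorizeUri = new RequestUrl($"{xeroConfiguration.XeroLoginBaseUri}/identity/connect/authorize");
}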
/// <summary>
/// Creates a XeroClient from the given configuration, supplying a new HttpClient for its requests.
/// </summary>
/// <param name="xeroConfig">Client configuration forwarded to the two-argument constructor.</param>
// NOTE(review): the HttpClient created here is never disposed by the code visible in this class.
public XeroClient(XeroConfiguration xeroConfig)
    : this(xeroConfig, new HttpClient())
{
}
/// <summary>
/// Builds the Xero login URL for the code flow using the state and scope from the configuration.
/// </summary>
/// <returns>A valid initial redirect URI for Xero OAuth 2.0 authorisation flow.</returns>
public string BuildLoginUri() => BuildLoginUri(xeroConfiguration.State);
/// <summary>
/// Builds the Xero login URL for the code flow with a caller-supplied state and the configured scope.
/// </summary>
/// <param name="state">State value placed on the authorize request.</param>
/// <returns>A valid initial redirect URI for Xero OAuth 2.0 authorisation flow.</returns>
public string BuildLoginUri(string state) => BuildLoginUri(state, xeroConfiguration.Scope);
/// <summary>
/// Builds the Xero login URL for the code flow with a caller-supplied state and scope.
/// </summary>
/// <param name="state">
/// State value placed on the authorize request. The caller is expected to compare it with the value
/// returned on the callback before exchanging the code.
/// </param>
/// <param name="scope">Scope string placed on the authorize request.</param>
/// <returns>A valid initial redirect URI for Xero OAuth 2.0 authorisation flow.</returns>
public string BuildLoginUri(string state, string scope)
{
    // Client id and redirect URI always come from the configuration; only state and scope vary per call.
    return _xeroAuthorizeUri.CreateAuthorizeUrl(
        clientId: xeroConfiguration.ClientId,
        responseType: "code",
        redirectUri: xeroConfiguration.CallbackUri.AbsoluteUri,
        state: state,
        scope: scope);
}
/// <summary>
/// Builds the Xero login URL for the PKCE flow from a code verifier, using the configured state and scope.
/// </summary>
/// <param name="codeVerifier">Code verifier the S256 challenge is derived from.</param>
/// <returns>A valid initial redirect URI for Xero OAuth 2.0 authorisation flow.</returns>
public string BuildLoginUriPkce(string codeVerifier) =>
    BuildLoginUriPkce(codeVerifier, xeroConfiguration.State);
/// <summary>
/// Builds the Xero login URL for the PKCE flow from a code verifier and state, using the configured scope.
/// </summary>
/// <param name="codeVerifier">Code verifier the S256 challenge is derived from.</param>
/// <param name="state">State value placed on the authorize request.</param>
/// <returns>A valid initial redirect URI for Xero OAuth 2.0 authorisation flow.</returns>
public string BuildLoginUriPkce(string codeVerifier, string state) =>
    BuildLoginUriPkce(codeVerifier, state, xeroConfiguration.Scope);
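/// <summary>
/// Builds the Xero login URL for the PKCE flow with codeVerifier, state and scope as inputs.
/// The code challenge is the unpadded base64url encoding of the SHA-256 digest of the verifier
/// and is sent with challenge method "S256".
/// </summary>
/// <param name="codeVerifier">
/// Code verifier, 43 to 128 characters long. The same value must be supplied again when the
/// authorisation code is exchanged, so the caller has to keep it for the duration of the flow.
/// </param>
/// <param name="state">
/// State value placed on the authorize request. The caller is expected to compare it with the value
/// returned on the callback before exchanging the code.
/// </param>
/// <param name="scope">Scope string placed on the authorize request.</param>
/// <returns>A valid initial redirect URI for Xero OAuth 2.0 authorisation flow.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="codeVerifier"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when the code verifier length is outside 43..128.</exception>
public string BuildLoginUriPkce(string codeVerifier, string state, string scope)
{
    if (codeVerifier == null)
    {
        throw new ArgumentNullException(nameof(codeVerifier));
    }

    // Validating the code verifier, read more at https://developer.xero.com/documentation/oauth2/pkce-flow
    if (codeVerifier.Length < 43 || codeVerifier.Length > 128)
    {
        // Message-only overload keeps Exception.Message identical to the previous plain Exception.
        throw new ArgumentException("The code verifier must be between 43 and 128 characters.");
    }

    byte[] sha256Hash;
    // The hash algorithm is IDisposable; release it as soon as the digest has been computed.
    using (var sha256 = SHA256.Create())
    {
        // NOTE(review): ASCII encoding replaces every non-ASCII character with '?', so a verifier containing
        // such characters yields a challenge that no longer corresponds to the verifier sent at token
        // exchange. Callers should pass an ASCII-only, randomly generated verifier.
        var codeVerifierTextBytes = System.Text.Encoding.ASCII.GetBytes(codeVerifier);
        sha256Hash = sha256.ComputeHash(codeVerifierTextBytes);
    }

    // base64url form: drop the padding and swap the two characters that are not URL-safe.
    var codeChallenge = Convert.ToBase64String(sha256Hash)
        .Replace("=", "")
        .Replace("/", "_")
        .Replace("+", "-");

    return _xeroAuthorizeUri.CreateAuthorizeUrl(
        clientId: xeroConfiguration.ClientId,
        responseType: "code",
        redirectUri: xeroConfiguration.CallbackUri.AbsoluteUri,
        state: state,
        scope: scope,
        codeChallenge: codeChallenge,
        codeChallengeMethod: "S256");
}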
/// <summary>
/// Exchanges the refresh token held by <paramref name="xeroToken"/> for a new token set and writes the
/// new access token, refresh token, id token and expiry back onto the same instance.
/// </summary>
/// <param name="xeroToken">Token whose RefreshToken is sent; it is updated in place.</param>
/// <returns>The same <paramref name="xeroToken"/> instance carrying the refreshed values.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="xeroToken"/> is null.</exception>
/// <exception cref="Exception">Thrown with the token endpoint's error text when the response is an error.</exception>
public async Task<IXeroToken> RefreshAccessTokenAsync(IXeroToken xeroToken)
{
    if (xeroToken == null)
    {
        throw new ArgumentNullException(nameof(xeroToken));
    }

    var refreshRequest = new RefreshTokenRequest
    {
        Address = $"{xeroConfiguration.XeroIdentityBaseUri}/connect/token",
        ClientId = xeroConfiguration.ClientId,
        ClientSecret = xeroConfiguration.ClientSecret,
        RefreshToken = xeroToken.RefreshToken
    };

    var tokenResponse = await _httpClient.RequestRefreshTokenAsync(refreshRequest);
    if (tokenResponse.IsError)
    {
        throw new Exception(tokenResponse.Error);
    }

    // The refresh token is overwritten too, so the caller must persist the returned token.
    xeroToken.AccessToken = tokenResponse.AccessToken;
    xeroToken.RefreshToken = tokenResponse.RefreshToken;
    xeroToken.IdToken = tokenResponse.IdentityToken;
    xeroToken.ExpiresAtUtc = DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn);
    return xeroToken;
}
/// <summary>
/// Requests a token with the client credentials grant, using the client id, secret and scope from the
/// configuration. The tenant list is filled only when <paramref name="fetchTenants"/> is true.
/// </summary>
/// <param name="fetchTenants">When true, the connections endpoint is queried to fill Tenants.</param>
/// <returns>A token with AccessToken and ExpiresAtUtc set; no refresh token is assigned here.</returns>
/// <exception cref="Exception">Thrown with the token endpoint's error text when the response is an error.</exception>
public async Task<IXeroToken> RequestClientCredentialsTokenAsync(bool fetchTenants=true)
{
    var credentialsRequest = new ClientCredentialsTokenRequest
    {
        Address = $"{xeroConfiguration.XeroIdentityBaseUri}/connect/token",
        ClientId = xeroConfiguration.ClientId,
        ClientSecret = xeroConfiguration.ClientSecret,
        Scope = xeroConfiguration.Scope
    };

    var tokenResponse = await _httpClient.RequestClientCredentialsTokenAsync(credentialsRequest);
    if (tokenResponse.IsError)
    {
        throw new Exception(tokenResponse.Error);
    }

    var issuedToken = new XeroOAuth2Token()
    {
        AccessToken = tokenResponse.AccessToken,
        ExpiresAtUtc = DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn)
    };

    if (!fetchTenants)
    {
        return issuedToken;
    }

    issuedToken.Tenants = await GetConnectionsAsync(issuedToken);
    return issuedToken;
}
/// <summary>
/// Exchanges the authorisation code from the callback for a token set and fills the list of tenants.
/// Check the state returned on the callback before calling this method.
/// </summary>
/// <param name="code">Code returned from callback</param>
/// <returns>A token with access, refresh and id tokens, expiry and Tenants populated.</returns>
/// <exception cref="Exception">Thrown with the token endpoint's error text when the response is an error.</exception>
public async Task<IXeroToken> RequestAccessTokenAsync(string code)
{
    var codeRequest = new AuthorizationCodeTokenRequest
    {
        Address = $"{xeroConfiguration.XeroIdentityBaseUri}/connect/token",
        GrantType = "code",
        Code = code,
        ClientId = xeroConfiguration.ClientId,
        ClientSecret = xeroConfiguration.ClientSecret,
        RedirectUri = xeroConfiguration.CallbackUri.AbsoluteUri,
        Parameters =
        {
            { "scope", xeroConfiguration.Scope}
        }
    };

    var tokenResponse = await _httpClient.RequestAuthorizationCodeTokenAsync(codeRequest);
    if (tokenResponse.IsError)
    {
        throw new Exception(tokenResponse.Error);
    }

    var issuedToken = new XeroOAuth2Token()
    {
        AccessToken = tokenResponse.AccessToken,
        RefreshToken = tokenResponse.RefreshToken,
        ExpiresAtUtc = DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn),
        IdToken = tokenResponse.IdentityToken,
    };

    // The fresh access token is used straight away to look up the connected tenants.
    issuedToken.Tenants = await GetConnectionsAsync(issuedToken);
    return issuedToken;
}
/// <summary>
/// Exchanges the authorisation code for a token set in the PKCE flow and returns it inside an IXeroToken.
/// Check state before calling this method to prevent CSRF.
/// </summary>
/// <param name="code">code from callback</param>
/// <param name="codeVerifier">codeVerifier used for initial request</param>
/// <returns>A token with access, refresh and id tokens and expiry set; Tenants is not filled here.</returns>
/// <exception cref="Exception">Thrown with the token endpoint's error text when the response is an error.</exception>
public async Task<IXeroToken> RequestAccessTokenPkceAsync(string code, string codeVerifier)
{
    var codeRequest = new AuthorizationCodeTokenRequest
    {
        Address = $"{xeroConfiguration.XeroIdentityBaseUri}/connect/token",
        GrantType = "code",
        Code = code,
        ClientId = xeroConfiguration.ClientId,
        ClientSecret = xeroConfiguration.ClientSecret,
        RedirectUri = xeroConfiguration.CallbackUri.AbsoluteUri,
        Parameters =
        {
            { "scope", xeroConfiguration.Scope}
        },
        CodeVerifier = codeVerifier
    };

    var tokenResponse = await _httpClient.RequestAuthorizationCodeTokenAsync(codeRequest);
    if (tokenResponse.IsError)
    {
        throw new Exception(tokenResponse.Error);
    }

    var issuedToken = new XeroOAuth2Token()
    {
        AccessToken = tokenResponse.AccessToken,
        RefreshToken = tokenResponse.RefreshToken,
        IdToken = tokenResponse.IdentityToken,
        ExpiresAtUtc = DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn)
    };
    return issuedToken;
}
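/// <summary>
/// Convenience method that refreshes the token when it has expired and otherwise returns it unchanged.
/// </summary>
/// <param name="xeroToken">your current XeroToken</param>
/// <returns>
/// The refreshed token when the current UTC time is later than ExpiresAtUtc, else the token passed in.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="xeroToken"/> is null.</exception>
public async Task<IXeroToken> GetCurrentValidTokenAsync(IXeroToken xeroToken)
{
    // Same argument contract as RefreshAccessTokenAsync, instead of a NullReferenceException on the comparison below.
    if (xeroToken == null)
    {
        throw new ArgumentNullException(nameof(xeroToken));
    }

    // NOTE(review): the comparison has no safety margin, so a token that expires moments after this
    // check is still returned as valid.
    if (DateTime.UtcNow > xeroToken.ExpiresAtUtc)
    {
        return await RefreshAccessTokenAsync(xeroToken);
    }

    return xeroToken;
}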
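/// <summary>
/// Gets the list of tenants for the given access token and stores it on the token.
/// </summary>
/// <param name="xeroToken">Token whose AccessToken is sent as the bearer credential; its Tenants is updated.</param>
/// <returns>List of Tenants attached to accesstoken</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="xeroToken"/> is null.</exception>
/// <exception cref="HttpRequestException">
/// Thrown when the status code is not 200 OK; the message is the raw response body.
/// </exception>
public async Task<List<Tenant>> GetConnectionsAsync(IXeroToken xeroToken)
{
    if (xeroToken == null)
    {
        throw new ArgumentNullException(nameof(xeroToken));
    }

    using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, $"{xeroConfiguration.XeroApiBaseUri}/connections"))
    {
        requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", xeroToken.AccessToken);

        // The response owns its content stream, so dispose it once the body has been read.
        using (var result = await _httpClient.SendAsync(requestMessage))
        {
            var json = await result.Content.ReadAsStringAsync();
            if (result.StatusCode != System.Net.HttpStatusCode.OK)
            {
                // Reuse the body already read instead of reading the content a second time.
                throw new HttpRequestException(json);
            }

            xeroToken.Tenants = JsonConvert.DeserializeObject<List<Tenant>>(json);
            return xeroToken.Tenants;
        }
    }
}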
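/// <summary>
/// Delete the connection given the accesstoken and xero tenant id
/// </summary>
/// <param name="xeroToken">Token whose AccessToken is sent as the bearer credential.</param>
/// <param name="xeroTenant">Tenant whose id is appended to the connections URL.</param>
/// <returns>A task that completes when the API answers 204 No Content.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="xeroToken"/> or <paramref name="xeroTenant"/> is null.
/// </exception>
/// <exception cref="HttpRequestException">
/// Thrown for any other status code; the message is the raw response body.
/// </exception>
[Obsolete("This method is being removed. Switch to using DeleteConnectionAsync using the connectionId guid")]
public async Task DeleteConnectionAsync(IXeroToken xeroToken, Tenant xeroTenant)
{
    if (xeroToken == null)
    {
        throw new ArgumentNullException(nameof(xeroToken));
    }

    if (xeroTenant == null)
    {
        throw new ArgumentNullException(nameof(xeroTenant));
    }

    using (var requestMessage = new HttpRequestMessage(HttpMethod.Delete, $"{xeroConfiguration.XeroApiBaseUri}/connections" + "/" + xeroTenant.id))
    {
        requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", xeroToken.AccessToken);

        // Dispose the response as well as the request so the connection is released promptly.
        using (var result = await _httpClient.SendAsync(requestMessage))
        {
            if (result.StatusCode == System.Net.HttpStatusCode.NoContent)
            {
                return;
            }

            throw new HttpRequestException(await result.Content.ReadAsStringAsync());
        }
    }
}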
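/// <summary>
/// Delete a connection using its connection id and the access token.
/// </summary>
/// <param name="xeroToken">Token whose AccessToken is sent as the bearer credential.</param>
/// <param name="connectionId">Id of the connection, appended to the connections URL.</param>
/// <returns>A task that completes when the API answers 204 No Content.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="xeroToken"/> is null.</exception>
/// <exception cref="HttpRequestException">
/// Thrown for any other status code; the message is the raw response body.
/// </exception>
public async Task DeleteConnectionAsync(IXeroToken xeroToken, Guid connectionId)
{
    if (xeroToken == null)
    {
        throw new ArgumentNullException(nameof(xeroToken));
    }

    using (var requestMessage = new HttpRequestMessage(HttpMethod.Delete, $"{xeroConfiguration.XeroApiBaseUri}/connections/{connectionId}"))
    {
        requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", xeroToken.AccessToken);

        // Dispose the response as well as the request so the connection is released promptly.
        using (var result = await _httpClient.SendAsync(requestMessage))
        {
            if (result.StatusCode == System.Net.HttpStatusCode.NoContent)
            {
                return;
            }

            throw new HttpRequestException(await result.Content.ReadAsStringAsync());
        }
    }
}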
/// <summary>
/// Revokes the current token - immediate disconnect all orgs and stops the user authorisation.
/// The value sent to the revocation endpoint is the token's RefreshToken.
/// </summary>
/// <param name="xeroToken">Token whose RefreshToken is submitted for revocation.</param>
/// <returns>A task that completes when the revocation endpoint reports no error.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="xeroToken"/> is null.</exception>
/// <exception cref="Exception">Thrown with the endpoint's error text when the response is an error.</exception>
public async Task RevokeAccessTokenAsync(IXeroToken xeroToken)
{
    if (xeroToken == null)
    {
        throw new ArgumentNullException(nameof(xeroToken));
    }

    var revocationRequest = new TokenRevocationRequest
    {
        Address = $"{xeroConfiguration.XeroIdentityBaseUri}/connect/revocation",
        ClientId = xeroConfiguration.ClientId,
        ClientSecret = xeroConfiguration.ClientSecret,
        Token = xeroToken.RefreshToken
    };

    var revocationResponse = await _httpClient.RevokeTokenAsync(revocationRequest);
    if (revocationResponse.IsError)
    {
        throw new Exception(revocationResponse.Error);
    }
}
}
}