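Xero app is connected to multiple organizations

Time: 2020-04-24 07:23:00

Tags: xero-api

I am connecting to Xero from a developer app, and it seems Xero has changed some of the implementation in OAuth 2.0 and stores information about connected apps, which is different from OAuth 1.0, because they allow connecting to any organization.

Is there an option to select only one organization when connecting to Xero?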


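1 answer:

Answer 0: (score: 0)

So Xero access_tokens for OAuth 2.0 are tied to a single user, who may have authorized multiple organizations (i.e. tenants). You are correct that OAuth 1.0a was a direct 1-1 org to API connection.

If a user authorizes multiple tenants, some of the solutions we have seen to this UX problem are:

  • A dropdown in your app - the user selects which organization to sync from the authorized connections. You then pass that tenantId to your API calls.

  • In your code, filter /connections by updatedDateUtc - the most recent one is the tenantId passed to your API calls.

  • Leverage the /disconnect endpoint, and highlight in your UI that only one organization can be connected at a time.

Quoting the docs: https://developer.xero.com/documentation/oauth2/auth-flow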

5. Check the full set of tenants you've been authorized to access
You can verify all the tenants that the user has authorized your app to access by calling the connections endpoint. If the user has authorized your app previously, they may have existing tenant connections. All of the connected tenants can now be accessed with your most recent access token.

Each connection will have a created date and an updated date. If they differ, that means the user is reconnecting this tenant to your app (having previously connected and disconnected it).

GET https://api.xero.com/connections
Authorization: "Bearer " + access_token
Content-Type: application/json

Response:
[
    {
        "id": "c869f3b7-6435-4c7e-8cb2-122721b04a69",
        "tenantId": "45e4708e-d862-4111-ab3a-dd8cd03913e1",
        "tenantType": "ORGANISATION",
        "tenantName": "Demo Company (US)",
        "createdDateUtc": "2020-02-02T19:17:58.1117990",
        "updatedDateUtc": "2020-02-02T19:17:58.1117990"
    },
    {
        "id": "74305bf3-12e0-45e2-8dc8-e3ec73e3b1f9",
        "tenantId": "c3d5e782-2153-4cda-bdb4-cec791ceb90d",
        "tenantType": "ORGANISATION",
        "tenantName": "MY other Sweeet Xero Org",
        "createdDateUtc": "2020-01-30T01:33:36.2717380",
        "updatedDateUtc": "2020-02-02T19:21:08.5739590"
    }
]
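
Added example, not part of the original answer or Xero's own code: a Python sketch of the first two options above. It picks the tenant from the `/connections` response and refuses a tenantId that is not among the token's connections. The function names are hypothetical, and the sample data is the response quoted above, trimmed to the fields used.

```python
import json
from datetime import datetime

# The two connections from the sample response quoted above (trimmed fields).
SAMPLE = json.loads("""[
 {"tenantId": "45e4708e-d862-4111-ab3a-dd8cd03913e1", "tenantName": "Demo Company (US)",
  "createdDateUtc": "2020-02-02T19:17:58.1117990", "updatedDateUtc": "2020-02-02T19:17:58.1117990"},
 {"tenantId": "c3d5e782-2153-4cda-bdb4-cec791ceb90d", "tenantName": "MY other Sweeet Xero Org",
  "createdDateUtc": "2020-01-30T01:33:36.2717380", "updatedDateUtc": "2020-02-02T19:21:08.5739590"}
]""")

def parse_utc(stamp):
    """Parse a timestamp with 7 fractional digits (datetime keeps at most 6)."""
    head, _, frac = stamp.partition(".")
    return datetime.strptime(head + "." + (frac + "000000")[:6], "%Y-%m-%dT%H:%M:%S.%f")

def latest_tenant(connections):
    """Second option in the answer: the most recently updated connection wins."""
    if not connections:
        raise LookupError("no tenants are connected to this token")
    return max(connections, key=lambda c: parse_utc(c["updatedDateUtc"]))

def is_reconnect(conn):
    """Created and updated dates differ when a tenant was disconnected and reconnected."""
    return conn["createdDateUtc"] != conn["updatedDateUtc"]

def resolve_tenant(connections, requested_id=None):
    """First option: honour the user's dropdown choice, but only if the token
    is actually authorized for it; otherwise fall back to the latest connection."""
    if requested_id is None:
        return latest_tenant(connections)["tenantId"]
    allowed = {c["tenantId"] for c in connections}
    if requested_id not in allowed:
        raise PermissionError("tenant is not in this token's connections")
    return requested_id
```

Because one access token covers every connected tenant, checking the requested tenantId against the current `/connections` list on the server side keeps a client-supplied value from selecting an organization the user did not pick.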