xero-php/examples/partner.php at master · KOBASSoftware/xero-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
<?php

use XeroPHP\Application\PartnerApplication;
use XeroPHP\Remote\Request;
use XeroPHP\Remote\URL;

// Start a session for the oauth session storage
session_start();

//These are the minimum settings - for more options, refer to examples/config.php
$config = [
    'oauth' => [
        'callback'              => 'http://localhost/',
        'consumer_key'          => 'k',
        'consumer_secret'       => 's',
        'rsa_private_key'       => 'file://certs/privatekey.pem',
        'signature_location'  => \XeroPHP\Remote\OAuth\Client::SIGN_LOCATION_QUERY
    ],
    'curl' => [
        CURLOPT_CAINFO          => 'certs/ca-bundle.crt'
    ]
];

$xero = new PartnerApplication($config);

$oauth_session = getOAuthSession();

// If no session found
if ($oauth_session === null) {
    $url = new URL($xero, URL::OAUTH_REQUEST_TOKEN);

    $request = new Request($xero, $url);

    //Here's where you'll see if your keys are valid.
    //You can catch a BadRequestException.
    try {
        $request->send();
    } catch (Exception $e) {
        echo($e->getCode());
        print_r($request->getResponse()->getOAuthResponse());
    }

    $oauth_response = $request->getResponse()->getOAuthResponse();

    setOAuthSession(
        $oauth_response['oauth_token'],
        $oauth_response['oauth_token_secret']
    );

    printf('<a href="%s">Click here to Authorize</a>', $xero->getAuthorizeURL($oauth_response['oauth_token']));
    exit;
} elseif (isset($oauth_session['session_handle']) && !isset($oauth_session['expires'])) {
    // If session is expired refresh the token
    $url = new URL($xero, URL::OAUTH_ACCESS_TOKEN);
    $request = new Request($xero, $url);

    $request->setParameter('oauth_token', $oauth_session['token']);
    $request->setParameter('oauth_session_handle', $oauth_session['session_handle']);

    $request->send();
    $oauth_response = $request->getResponse()->getOAuthResponse();

    $expires = time() + intval($oauth_response['oauth_expires_in']);

    setOAuthSession(
        $oauth_response['oauth_token'],
        $oauth_response['oauth_token_secret'],
        $expires,
        $oauth_response['oauth_session_handle']
    );

    $xero->getOAuthClient()
        ->setToken($oauth_response['oauth_token'])
        ->setTokenSecret($oauth_response['oauth_token_secret']);
} else {
    $xero->getOAuthClient()
        ->setToken($oauth_session['token'])
        ->setTokenSecret($oauth_session['token_secret']);

    if (isset($_REQUEST['oauth_verifier'])) {
        $xero->getOAuthClient()->setVerifier($_REQUEST['oauth_verifier']);

        $url = new URL($xero, URL::OAUTH_ACCESS_TOKEN);
        $request = new Request($xero, $url);

        $request->send();
        $oauth_response = $request->getResponse()->getOAuthResponse();

        $expires = time() + intval($oauth_response['oauth_expires_in']);

        setOAuthSession(
            $oauth_response['oauth_token'],
            $oauth_response['oauth_token_secret'],
            $expires,
            $oauth_response['oauth_session_handle']
        );

        //drop the qs
        $uri_parts = explode('?', $_SERVER['REQUEST_URI']);

        //Just for demo purposes
        header(sprintf('Location: http%s://%s%s', (isset($_SERVER['HTTPS']) ? 's' : ''), $_SERVER['HTTP_HOST'], $uri_parts[0]));
        exit;
    }
}

// We are in! Print organisation details...
print_r($xero->load('Accounting\\Organisation')->execute());

//The following two functions are just for a demo
//You should use a more robust mechanism of storing tokens than this!
function setOAuthSession($token, $secret, $expires = null, $session_handle = null)
{
    $_SESSION['oauth'] = [
        'token' => $token,
        'token_secret' => $secret,
        'expires' => $expires,
        'session_handle' => $session_handle
    ];
}

function getOAuthSession()
{
    //If it doesn't exist, return null
    if (!isset($_SESSION['oauth'])) {
        return null;
    }

    // If the session is expired or expiring, unset the expires key
    if ($_SESSION['oauth']['expires'] !== null
        && $_SESSION['oauth']['expires'] <= (time() + 100)
    ) {
        unset($_SESSION['oauth']['expires']);
    }

    return $_SESSION['oauth'];
}