Interactively prompts a user to login to the Xero finance package, grant access for a third-party (i.e. another script) to access the data, then saves two tokens issued by Xero. The tokens can be used by other scripts to retrieve data from Xero, e.g. for reporting purposes.
Where to find it
The script is under source control and can be accessed from the following repository:
See the following article which provides an overview, including how to make changes to scripts using git:
This script handles the Xero authentication process. Once completed successfully, that enables programmatic access to data held in the Xero finance package, which is used by Speakeasy for recording financial transactions.
How it Works
- A user executes the PowerShell script SpeakeasyGetXeroTokens.ps1, usually from PowerShell ISE which is set to run as an administrator.
- The script makes an attempts to login to Xero via a browser – the user is presented with a page which prompts for a Xero username and password – the accounts and login details can all be found in BitWarden.
- The user should use BitWarden to login using their details. If the user does not have their own account, Paul Cashmore’s Xero details in BitWarden can be used to login
- If login is successful, the user will be prompted to confirm that programmatic access to Xero data will be allowed. Simply click the “Allow Access” button. The Powershell script has been configured to ask for the minimum possible permissions – i.e. read-only access to reports data. This can be modified in due course if other access is required – the script includes a commented out line showing some of the other permissions that can be requested.
- Once access is granted, two tokens – an access token and refresh token – are returned to the SpeakeasyGetXeroTokens.ps1. The access token will expire after 30 minutes, unless a token refresh is requested. The refresh process is described here: Refreshing of Xero Tokens.
- The SpeakeasyGetXeroTokens.ps1 script then stores the tokens in encrypted form in Azure Automation variables. All Azure automation variables can be seen via this link: Speakeasy Azure Automation Variables. The access token is stored in a variable called SpeakeasyXeroAccessToken and the refresh token is stored in a variable called SpeakeasyXeroRefreshToken.
- The script then completes.
Xero App Registration
- AppName: SpeakeasyFinance
- Company URL: https://www.speakeasy-aphasia.org.uk
- Redirect URL: http://localhost:8080 (this is used to prompt a user to confirm that they want to allow scripts access to Xero data)
- XTID: x30speakeasyfinance