本文主要介紹和xero OAuth的整合過程,以後再與其他第三方的OAuth的整合過程也將類似。 另外由於xero官方的文檔非常有限,因此有必要進行總結一下。
Xero 是一個財務系統,可用於替代產品帳單模組的實現。
www.xero.com
了解OAuth :
http://www.ruanyifeng.com /blog/2014/05/oauth_2_0.html
http://baike.baidu.com/view/6619164.htm
#概括起來就是,對於SystemA用戶要存取systemB的資源,sysB的使用者可以指定將SysB中的哪些部分(模組)暴露出來給SysA進行訪問,同時會給sysA一個token和憑證。每次sysA存取sysB時需要帶上token以及憑證。
1. 安裝nuget pkg :
2. 建立wapper 來封裝互動過程
前提:
1.需要已經安裝憑證
2.已經得到了key/secret
public class XeroApiAdapter { private readonly IXeroApiParameter _parameter; private const string PARTNER_URL = "https://api-partner.network.xero.com"; private const string BASE_URL = "https://api.xero.com"; public XeroCoreApi CoreApi { get; private set; } private readonly X509Certificate2 _signingCertificate; private readonly X509Certificate2 _partnerCertificate; /// <summary> /// /// </summary> /// <param name="parameter"></param> public XeroApiAdapter(IXeroApiParameter parameter) { _signingCertificate = XeroOAuthSettings.Fetch.SigningCertificate.SelectedCertificate; if (_signingCertificate == null) { throw new Exception("Signing certificate must be defined"); } _partnerCertificate = XeroOAuthSettings.Fetch.PartnerCertificate.SelectedCertificate; if (_partnerCertificate == null) { throw new Exception("partner certificate must be defined"); } _parameter = parameter; var user = new ApiUser { OrganisationId = parameter.NetworkId, Name = parameter.NetworkId }; CoreApi = new XeroCoreApi(PARTNER_URL, new RuPartnerAuthethicator(PARTNER_URL, BASE_URL, XeroTokenServices.Do, _signingCertificate, _partnerCertificate), new Consumer(parameter.ConsumerKey, parameter.ConsumerSecret), user, new DefaultMapper(), new DefaultMapper()); } public PartnerMvcAuthenticator MvcAuthenticator(string callBack) { return new PartnerMvcAuthenticator(PARTNER_URL, BASE_URL, callBack, XeroTokenServices.Do, _signingCertificate, _partnerCertificate, new Consumer(_parameter.ConsumerKey, _parameter.ConsumerSecret), XeroRequestTokenServices.Do); } }
RuPartnerAuthethicator.cs (主要用於over write xero de AuthorizeUser函數,預設會開啟瀏覽器):
public class RuPartnerAuthethicator : PartnerAuthenticator { public RuPartnerAuthethicator(string baseUri, string authorizeUri, ITokenStore store, string signingCertificatePath, string certificatePath, string password) : base(baseUri, authorizeUri, "", store, signingCertificatePath, certificatePath, password) { } public RuPartnerAuthethicator(string baseUri, string authorizeUri, ITokenStore store, X509Certificate2 signingCertificate, X509Certificate2 certificate) : base(baseUri, authorizeUri, "", store, signingCertificate, certificate) { } protected override string AuthorizeUser(IToken token) { throw new XeroRenewAccessTokenException("Please renew access token"); } }
3. 實作IToken 接口,分為Request Token和Access Token。 即請求token和存取token,存取token需要做持久化,請求token可存記憶體中。
public class XeroTokenServices : MongoService, ITokenStore { public static XeroTokenServices Do { get { return new XeroTokenServices(); } } private XeroTokenServices() { } private MongoCollection<MDXeroToken> XeroTokenStore { get { return Connection.GetMongoCollection<MDXeroToken>("XeroTokenStore"); } } public void Add(IToken token) { //Lets delete first as we are not sure if Xero have a delete Delete(token); XeroTokenStore.Save(new MDXeroToken(token)); } public void Delete(IToken token) { XeroTokenStore.Remove(Query<MDXeroToken>.EQ(x => x.UserId, token.UserId)); } public IToken Find(string user) { var token = XeroTokenStore.FindOne(Query<MDXeroToken>.EQ(x => x.UserId, user)); return token; } public void ClearTokenForNetwork(string id) { XeroTokenStore.Remove(Query<MDXeroToken>.EQ(x => x.UserId, id)); } } public class XeroRequestTokenServices : MongoService, ITokenStore { public static XeroRequestTokenServices Do { get { return new XeroRequestTokenServices(); } } private XeroRequestTokenServices() { } private MongoCollection<MDXeroToken> XeroTokenStore { get { return Connection.GetMongoCollection<MDXeroToken>("XeroRequestTokenStore"); } } public void Add(IToken token) { //Lets delete first as we are not sure if Xero have a delete Delete(token); XeroTokenStore.Save(new MDXeroToken(token)); } public void Delete(IToken token) { XeroTokenStore.Remove(Query<MDXeroToken>.EQ(x => x.UserId, token.UserId)); } public IToken Find(string user) { return XeroTokenStore.FindOne(Query<MDXeroToken>.EQ(x => x.UserId, user)); } public void ClearTokenForNetwork(string id) { XeroTokenStore.Remove(Query<MDXeroToken>.EQ(x => x.UserId, id)); } }
4. 指定callback 函數, 在xero設定callback domain
4.1 新增Application
#4.2 設定call back domain , 產生key , secret
public ActionResult Authorize(string oauth_token, string oauth_verifier, string org, string redirect) { var network = NetworksManagment.Do.GetNetwork(Tenant.NetworkId); var xeroApi = new XeroApiAdapter(new XeroApiParam(network)); var authenthicator = xeroApi.MvcAuthenticator(""); try { // - call XeroTokenServices.Add and store the token in MDXeroToken var token = authenthicator.RetrieveAndStoreAccessToken(network.Id, oauth_token, oauth_verifier, org); var organization = xeroApi.CoreApi.Organisation; ... TempData.AddNotification(NotifcationType.Success, "Xero connected successfully"); } catch (Exception ex) { TempData.AddNotification("Error connecting to Xero", ex); } if (string.IsNullOrEmpty(redirect)) { return RedirectToAction("Index"); } return Redirect(redirect); }xero 官方git :
https://github.com/XeroAPI/Xero-Net
#