Add Xero Provider #547

Closed
mulch75 opened this issue May 19, 2021 · 8 comments · Fixed by #649
@mulch75

mulch75 commented May 19, 2021

Is your feature request related to a problem? Please describe.
Xero.com uses OAuth 2.0; it would be great to have a provider for this service.

Describe the solution you'd like
Add a new provider for Xero.com

Documentation: https://developer.xero.com/documentation/oauth2/sign-in

Would be happy to contribute to this solution with a bit of guidance.

@martincostello
Member

You should be able to use the Pull Requests to add other providers as a fairly good guide of what's required to add a new provider.
They're relatively simple to do as long as the provider being implemented doesn't deviate from the OAuth 2.0 spec too much with custom things.

@mulch75
Author

mulch75 commented May 20, 2021

I made a good start on this last night. I could get authenticated, but then I discovered that all the user information is packaged in a JWT. This has caused some further complication. I believe the SuperOffice implementation is similar, so I may start again with that as a template. Any suggestions for working with JWTs?

@martincostello
Member

The Apple and SuperOffice providers both deal with JWTs, but the SuperOffice provider is more recent so has the preferred approach for dealing with them IIRC in terms of JWT.

@serber
Contributor

serber commented Jan 25, 2022

@martincostello, hello.
Since there has been no activity in this thread, I created a provider for Xero. It works, but I have trouble with the unit test. How can I generate an id_token for bundle.json, or should/can I use id token values handled with Fiddler when testing in the Mvc.Client demo app?

@martincostello
Member

If you take a look at the Apple and SuperOffice tests, you'll find expired JWTs in them. The expiry checks are then disabled in the tests (or the clock frozen) so they don't expire.

You can either construct them by hand/with code, or capture a token from a real request and use/modify that, as long as there's nothing truly sensitive encoded in it.
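
The approach described in the comment above (build the id_token with code and freeze the clock rather than weaken other checks), as an added example that is not part of the original thread or the project's own test code. It assumes the System.IdentityModel.Tokens.Jwt NuGet package; the client id, key ids and claim values are constructed.

```csharp
// Added example; requires the System.IdentityModel.Tokens.Jwt NuGet package (.NET 6+).
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

var issuer = "https://identity.xero.com";  // "issuer" value from the discovery document
var clientId = "constructed-client-id";    // hypothetical test client id

// The instant the test treats as "now"; in real time the token is long expired.
var frozenNow = new DateTime(2022, 1, 26, 17, 36, 0, DateTimeKind.Utc);
var handler = new JwtSecurityTokenHandler { MapInboundClaims = false };

// Build an id_token in code, signed with whatever key the caller supplies.
string CreateIdToken(SecurityKey key) => handler.WriteToken(handler.CreateToken(
    new SecurityTokenDescriptor
    {
        Issuer = issuer,
        Audience = clientId,
        Subject = new ClaimsIdentity(new[] { new Claim("sub", "constructed-user"), new Claim("email", "user@example.com") }),
        NotBefore = frozenNow.AddMinutes(-1),
        IssuedAt = frozenNow.AddMinutes(-1),
        Expires = frozenNow.AddMinutes(29),
        SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256),
    }));

// Throwaway keys generated per run; nothing here comes from a real provider.
var trustedKey = new RsaSecurityKey(RSA.Create(2048)) { KeyId = "constructed-key-1" };
var otherKey = new RsaSecurityKey(RSA.Create(2048)) { KeyId = "constructed-key-2" };

// Signature, issuer, audience and algorithm checks stay on; only the clock is swapped.
var parameters = new TokenValidationParameters
{
    ValidIssuer = issuer,
    ValidAudience = clientId,
    IssuerSigningKey = trustedKey,
    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
    LifetimeValidator = (notBefore, expires, _, _) => notBefore <= frozenNow && frozenNow < expires,
};

var principal = handler.ValidateToken(CreateIdToken(trustedKey), parameters, out _);
Console.WriteLine($"accepted: {principal.FindFirst("email")?.Value}");

try
{
    handler.ValidateToken(CreateIdToken(otherKey), parameters, out _);
}
catch (SecurityTokenException ex)
{
    // Freezing the clock must not let a token from an untrusted key through.
    Console.WriteLine($"rejected: {ex.GetType().Name}");
}
```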

@serber
Contributor

serber commented Jan 26, 2022

@martincostello, created PR #649

martincostello linked a pull request Jan 26, 2022 that will close this issue

@serber
Contributor

serber commented Jan 26, 2022

Fiddler logs

POST https://identity.xero.com/connect/token HTTP/1.1
Host: identity.xero.com
Authorization: Basic ***
User-Agent: Xero OAuth handler
traceparent: 00-e2f790af186f226768d04c245b0bf2e0-52a079d8c21e4663-00
Content-Type: application/x-www-form-urlencoded
Content-Length: 157

redirect_uri=***&code=***&grant_type=authorization_code

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Xero-Origin-Id: IdentityServer.Web
Xero-Causation-Id: 39448465abc749b39813c99b86e62483
Xero-Message-Id: b938771d234a4ca8bfa4078343877bcd
Xero-Activity-Id: 3845908a8bb04262b3aa71a609e610ab
Xero-Correlation-Id: 60c7c1cfb25349e4b61c77e1a2f13265
Expires: Wed, 26 Jan 2022 17:35:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 26 Jan 2022 17:35:54 GMT
Content-Length: 2248
Connection: keep-alive

{"id_token":"***","access_token":"***","expires_in":1800,"token_type":"Bearer","scope":"openid email"}

GET https://identity.xero.com/.well-known/openid-configuration HTTP/1.1
Host: identity.xero.com
User-Agent: Xero OAuth handler
traceparent: 00-8b115c1889c6a4441a7a5e57a8aec5d8-ef7a9b15e9a73641-00


HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Xero-Origin-Id: IdentityServer.Web
Xero-Causation-Id: 76b92a0b2e3d4ce4aa9f6ccd383a54d0
Xero-Message-Id: 444420ab851946fead17e1827da6bb9e
Xero-Activity-Id: bc04812e7c8841b7891524b1d47a11ea
Xero-Correlation-Id: 42d8cc7a027b4adcb21ecd8eba9deaa2
Date: Wed, 26 Jan 2022 17:37:41 GMT
Content-Length: 1299
Connection: keep-alive
Vary: Origin

{"issuer":"https://identity.xero.com","jwks_uri":"https://identity.xero.com/.well-known/openid-configuration/jwks","authorization_endpoint":"https://login.xero.com/identity/connect/authorize","end_session_endpoint":"https://login.xero.com/identity/connect/endsession","check_session_iframe":"https://login.xero.com/identity/connect/checksession","token_endpoint":"https://identity.xero.com/connect/token","userinfo_endpoint":"https://identity.xero.com/connect/userinfo","revocation_endpoint":"https://identity.xero.com/connect/revocation","introspection_endpoint":"https://identity.xero.com/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit","delegation","oauth1_migration"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["S256"]}

GET https://identity.xero.com/.well-known/openid-configuration/jwks HTTP/1.1
Host: identity.xero.com
User-Agent: Xero OAuth handler
traceparent: 00-8b115c1889c6a4441a7a5e57a8aec5d8-b304f0954e812f39-00


HTTP/1.1 200 OK
Content-Type: application/jwk-set+json; charset=UTF-8
Server: nginx
Xero-Origin-Id: IdentityServer.Web
Xero-Causation-Id: d1d34829a29d4363a3fc787dff2c9430
Xero-Message-Id: 00ec3c45b8714f62b4e733b4702800af
Xero-Activity-Id: 9235ab83e5a94156a0252bd82ce53ac1
Xero-Correlation-Id: cba9cfad762c4834bf15a0e16a57b192
Content-Length: 2262
Date: Wed, 26 Jan 2022 17:37:41 GMT
Connection: keep-alive

{"keys":[{"kty":"RSA","use":"sig","kid":"1CAF8E66772D6DC028D6726FD0261581570EFC19","x5t":"HK-OZnctbcAo1nJv0CYVgVcO_Bk","e":"AQAB","n":"zF3EI4O33euG7WriakxRBkeko99IuG0A5gzp-thNWFmglx4hdCjQ4-8jB6MM7xdQ2OfC271Ox8sjrDLFRdlGT2fPLLvMwBYi8fb-L_o7KakkU1CGf7YH2F2vSmNEWKMfo6jFOGMya7Cff9Yi2lFyMXlT764tvEVt09TLZ5Kq8rrX-OkFVuHc9Jkb98Bpj-bJxE5ANy-MXyOGXwYsRbTno27RouvqNGWurcCEWCwIhn-xmeI_JPWzV3o_uscPyCMkW-iNTLeeZTo32Tqn2xBNg2qxl7H3ujw1QJYhf5Qc6UD166GB0gG94uxO0TaGde974IBI6FD_6cikTTJpHInAZQ","x5c":["..."],"alg":"RS256"}]}

@martincostello
Member

The Xero provider is now available from NuGet.org - thanks again for your contribution @serber! 🥳
