OAuth2.0 server to server request without access token

Question

I am building an application with Xero APIs.

I have implemented the OAuth flow successfully and I am able to CRUD invoices for a given tenant.

The issue I am facing is implementing the webhook and how I am meant to GET data from my server.

Typically, using OAuth, the request is on behalf of a specific user, where my server simply manages the access / refresh tokens for each request; but now Xero is posting an event directly to my server. How am I meant to (in an authorised manner) fetch the relevant resources from Xero and update my DB accordingly?

Do I just grab any user for that tenant and make the request on behalf of them, or is there some method that I have completely missed that allows me to make authorised server to server calls?

Answer 1

Score: 1

You can use a valid access token from any user for that tenant to make the GET calls to the relevant endpoint for the resource, e.g. invoice or contact.
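
The approach in the answer, as an added example that is not part of the original post or Xero's own code: authenticate the webhook delivery first, then pick a stored token by the event's tenant and build the GET. It assumes Xero's webhook format (an `x-xero-signature` header carrying the base64 HMAC-SHA256 of the raw body, events with `tenantId` and `resourceUrl` fields, API host `api.xero.com`); the key, tokens, tenant ids and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Constructed sample values; a real app reads these from its secret store and DB.
WEBHOOK_KEY = b"constructed-webhook-signing-key"
TOKENS_BY_TENANT = {"tenant-aaa": "constructed-access-token"}  # tenantId -> token


def sign(raw_body, key=WEBHOOK_KEY):
    """Base64 HMAC-SHA256 of the raw body (assumed x-xero-signature format)."""
    return base64.b64encode(hmac.new(key, raw_body, hashlib.sha256).digest()).decode()


def plan_fetches(raw_body, signature, tokens=TOKENS_BY_TENANT):
    """Return (http_status, GET requests to make) for one webhook delivery."""
    # Verify over the raw bytes, in constant time, before touching any stored token.
    if not hmac.compare_digest(sign(raw_body).encode(), signature.encode()):
        return 401, []
    planned = []
    for event in json.loads(raw_body).get("events", []):
        tenant_id = event.get("tenantId")
        token = tokens.get(tenant_id)
        url = urlsplit(event.get("resourceUrl", ""))
        # Skip tenants with no connected user, and never send a bearer token
        # to a host other than the API (assumed here to be api.xero.com).
        if token is None or url.scheme != "https" or url.hostname != "api.xero.com":
            continue
        planned.append({
            "method": "GET",
            "url": url.geturl(),
            "headers": {"Authorization": f"Bearer {token}",
                        "Xero-tenant-id": tenant_id,
                        "Accept": "application/json"},
        })
    return 200, planned


# Constructed delivery: one event for a known tenant, one for an unknown tenant.
SAMPLE_BODY = json.dumps({"events": [
    {"resourceUrl": "https://api.xero.com/api.xro/2.0/Invoices/constructed-id",
     "eventCategory": "INVOICE", "eventType": "UPDATE", "tenantId": "tenant-aaa"},
    {"resourceUrl": "https://api.xero.com/api.xro/2.0/Contacts/constructed-id",
     "eventCategory": "CONTACT", "eventType": "UPDATE", "tenantId": "tenant-zzz"},
]}).encode()

if __name__ == "__main__":
    print(plan_fetches(SAMPLE_BODY, sign(SAMPLE_BODY)))
```

The signature must be checked against the bytes exactly as received; re-serialising the parsed JSON before hashing will not match.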

huangapple
  • Published on June 2, 2023 at 10:55:11