airbytehq · topefolorunso · Feb 16, 2025 · Feb 16, 2025 · Feb 16, 2025 · Feb 16, 2025
diff --git a/airbyte-integrations/connectors/source-xero/integration_tests/invalid_config.json b/airbyte-integrations/connectors/source-xero/integration_tests/invalid_config.json
@@ -1,8 +1,6 @@
 {
-  "credentials": {
-    "auth_type": "oauth2_access_token",
-    "access_token": "Invalid-token"
-  },
-  "start_date": "2099-08-05T00:43:59.244Z",
-  "tenant_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+  "start_date": "2021-01-01T00:00:00Z",
+  "tenant_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+  "client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+  "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 }
diff --git a/airbyte-integrations/connectors/source-xero/integration_tests/sample_config.json b/airbyte-integrations/connectors/source-xero/integration_tests/sample_config.json
@@ -1,8 +1,6 @@
 {
-  "credentials": {
-    "auth_type": "oauth2_access_token",
-    "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-  },
   "start_date": "2021-01-01T00:00:00Z",
-  "tenant_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+  "tenant_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+  "client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+  "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 }
diff --git a/...egrations/connectors/source-xero/integration_tests/sample_config_oauth2-confidential.json b/...egrations/connectors/source-xero/integration_tests/sample_config_oauth2-confidential.json
diff --git a/airbyte-integrations/connectors/source-xero/manifest.yaml b/airbyte-integrations/connectors/source-xero/manifest.yaml
@@ -1612,35 +1612,25 @@ definitions:
     type: HttpRequester
     url_base: https://api.xero.com/api.xro/2.0/
     authenticator:
-      type: SelectiveAuthenticator
-      authenticators:
-        oauth2_access_token:
-          type: BearerAuthenticator
-          api_token: "{{ config['credentials']['access_token'] }}"
-        oauth2_confidential_application:
-          type: OAuthAuthenticator
-          scopes:
-            - offline_access
-            - accounting.transactions.read
-            - accounting.reports.read
-            - accounting.budgets.read
-            - accounting.reports.tenninetynine.read
-            - accounting.journals.read
-            - accounting.settings.read
-            - accounting.contacts.read
-            - accounting.attachments.read
-            - assets.read files.read projects.read
-            - openid
-          client_id: "{{ config['credentials']['client_id'] }}"
-          grant_type: client_credentials
-          client_secret: "{{ config['credentials']['client_secret'] }}"
-          expires_in_name: expires_in
-          access_token_name: access_token
-          refresh_request_body: {}
-          token_refresh_endpoint: https://identity.xero.com/connect/token
-      authenticator_selection_path:
-        - credentials
-        - auth_type
+      type: OAuthAuthenticator
+      client_id: "{{ config['client_id'] }}"
+      client_secret: "{{ config['client_secret'] }}"
+      grant_type: refresh_token
+      expires_in_name: expires_in
+      refresh_request_body: {}
+      token_refresh_endpoint: https://identity.xero.com/connect/token
+      refresh_token: "{{ config['client_refresh_token'] }}"
+      token_expiry_date: "{{ config['token_expiry_date'] }}"
+      refresh_request_headers:
+          Authorization: "Basic {{ (config['client_id'] ~ ':' ~ config['client_secret']) | base64encode }}"
+      refresh_token_updater:
+        refresh_token_name: refresh_token
+        refresh_token_config_path:
+          - client_refresh_token
+        access_token_config_path:
+          - client_access_token
+        token_expiry_date_config_path:
+          - token_expiry_date
 
 streams:
   - $ref: "#/definitions/streams/bank_transactions"
@@ -1673,7 +1663,8 @@ spec:
     required:
       - tenant_id
       - start_date
-      - credentials
+      - client_id
+      - client_secret
     properties:
       tenant_id:
         type: string
@@ -1692,55 +1683,91 @@ spec:
         pattern: ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$
         examples:
           - "2022-03-01T00:00:00Z"
-      credentials:
-        type: object
-        oneOf:
-          - type: object
-            title: OAuth Custom Connection
-            required:
-              - auth_type
-              - client_id
-              - client_secret
-            properties:
-              auth_type:
-                type: string
-                const: oauth2_confidential_application
-                order: 0
-                title: Authentication Method
-              client_id:
-                type: string
-                description: Your Xero application's Client ID.
-                title: Client ID
-                examples:
-                  - Client_ID
-              client_secret:
-                type: string
-                description: Your Xero application's Client Secret.
-                title: Client Secret
-                examples:
-                  - Client_Secret
-                airbyte_secret: true
-          - type: object
-            title: Bearer Access Token
-            required:
-              - access_token
-              - auth_type
-            properties:
-              auth_type:
-                type: string
-                const: oauth2_access_token
-                order: 0
-                title: Authentication Method
-                examples:
-                  - access_token
-              access_token:
-                type: string
-                description: The access token used to call the Xero API.
-                title: Access Token
-                airbyte_secret: true
+      client_id:
+        type: string
+        description: Your Xero application's Client ID.
+        title: Client ID
+        examples:
+          - Client_ID
         order: 2
-        title: Authentication Method
+      client_secret:
+        type: string
+        description: Your Xero application's Client Secret.
+        title: Client Secret
+        examples:
+          - Client_Secret
+        airbyte_secret: true
+        order: 3
+      client_access_token:
+        type: string
+        title: Access token
+        airbyte_secret: true
+        order: 4
+      client_refresh_token:
+        type: string
+        title: Refresh token
+        airbyte_secret: true
+        order: 5
+      token_expiry_date:
+        type: string
+        description: The amount of seconds until the access token expires.
+        format: date-time
     additionalProperties: true
+  advanced_auth:
+    auth_flow_type: oauth2.0
+    oauth_config_specification:
+      oauth_connector_input_specification:
+        consent_url: https://login.xero.com/identity/connect/authorize?response_type=code&{{client_id_param}}&{{scope_param}}&{{redirect_uri_param}}
+        scope: offline_access accounting.transactions.read accounting.reports.read accounting.budgets.read accounting.reports.tenninetynine.read accounting.journals.read accounting.settings.read accounting.contacts.read accounting.attachments.read assets.read files.read projects.read openid
+        access_token_url: https://identity.xero.com/connect/token
+        access_token_headers:
+          Authorization: "Basic {{ (client_id_value ~ ':' ~ client_secret_value) | b64encode }}"
+        access_token_params:
+          grant_type: authorization_code
+          code: "{{ auth_code_value }}"
+          redirect_uri: "{{ redirect_uri_value }}"
+        extract_output:
+          - refresh_token
+          - token_expiry_date
+      complete_oauth_output_specification:
+        required:
+          - refresh_token
+          - token_expiry_date
+        properties:
+          access_token:
+            type: string
+            path_in_connector_config:
+              - client_access_token
+          refresh_token:
+            type: string
+            path_in_connector_config:
+              - refresh_token
+          token_expiry_date:
+            type: string
+            path_in_connector_config:
+              - token_expiry_date
+      complete_oauth_server_input_specification:
+        required:
+          - client_id
+          - client_secret
+        properties:
+          client_id:
+            type: string
+          client_secret:
+            type: string
+      complete_oauth_server_output_specification:
+        required:
+          - client_id
+          - client_secret
+        properties:
+          client_id:
+            type: string
+            path_in_connector_config:
+              - client_id
+          client_secret:
+            type: string
+            path_in_connector_config:
+              - client_secret
 
 metadata:
   autoImportSchema:

diff --git a/airbyte-integrations/connectors/source-xero/metadata.yaml b/airbyte-integrations/connectors/source-xero/metadata.yaml
@@ -6,13 +6,18 @@ data:
     oss:
       enabled: true
     cloud:
-      enabled: false
+      enabled: true
   remoteRegistries:
     pypi:
       enabled: false
       packageName: airbyte-source-xero
   releases:
     breakingChanges:
+      3.0.0:
+        upgradeDeadline: "2025-03-01"
+        message:
+          The authorization method was changed to support only OAuth2 strategy. Due to changes in authorization, users can now bring their own OAuth2 apps, and use it on cloud. For more information, see our migration documentation for source Xero.
+          Important - The authentication scheme now uses only the OAuth2 strategy from this version.
       2.0.0:
         upgradeDeadline: "2024-06-30"
         message:
@@ -31,7 +36,7 @@ data:
   connectorSubtype: api
   connectorType: source
   definitionId: 6fd1e833-dd6e-45ec-a727-ab917c5be892
-  dockerImageTag: 2.1.2
+  dockerImageTag: 3.0.0
   dockerRepository: airbyte/source-xero
   githubIssueLabel: source-xero
   icon: xero.svg

diff --git a/docs/integrations/sources/xero-migrations.md b/docs/integrations/sources/xero-migrations.md
@@ -1,5 +1,17 @@
 # Xero Migration Guide
 
+## Upgrading to 3.0.0
+
+Xero connector now only accepts OAuth2 authentication method.
+
+To get started, [create an OAuth2 app](https://developer.xero.com/app/manage) and make sure you select the “Auth Code” grant type. Your app is assigned a unique Client ID and you can then generate a Client Secret. The Client Secret is private and should not be shared.
+
+Then authorize your source with the required information. 
+1. Go to set up `The Source` page.
+2. Enter your Xero application's Client ID and Client Secret.
+3. Click `Reset saved source` button.
+
+
 ## Upgrading to 2.0.0
 
 You can now choose your preferred xero authentication method. You can choose between `client_credentials` and `bearer_token` authentication methods.

diff --git a/docs/integrations/sources/xero.md b/docs/integrations/sources/xero.md
@@ -120,6 +120,7 @@ The connector is restricted by Xero [API rate limits](https://developer.xero.com
 
 | Version | Date       | Pull Request                                             | Subject                                                   |
 |:--------|:-----------|:---------------------------------------------------------|:----------------------------------------------------------|
+| 3.0.0 | 2025-02-16 | [54127](https://github.com/airbytehq/airbyte/pull/54127) | Make OAuth2 authenticator declarative |
 | 2.1.2 | 2025-02-15 | [54042](https://github.com/airbytehq/airbyte/pull/54042) | Update dependencies |
 | 2.1.1 | 2025-02-08 | [43841](https://github.com/airbytehq/airbyte/pull/43841) | Update dependencies |
 | 2.1.0 | 2024-10-23 | [47264](https://github.com/airbytehq/airbyte/pull/47264) | Migrate to Manifest-only |