rest go oauth xero-api oauth-1.0a

How to set authorization headers for OAuth1.0a


I'm pretty familiar with REST APIs; however, this one is giving me a bit of a headache. I'm trying to migrate my OAuth 1.0 tokens into OAuth 2.0 tokens using this documentation: https://developer.xero.com/documentation/oauth2/migrate.

The request:

POST https://api.xero.com/oauth/migrate
Content-Type: application/json
Authorization: OAuth oauth_consumer_key="your_consumer_key", oauth_token="your_access_token", 
    oauth_signature_method="RSA-SHA1", oauth_signature="your_signature", oauth_timestamp="1456175435", 
    oauth_nonce="83fd12eb-f578-4403-bd55-247b66efa11a", oauth_version="1.0"

Body: {
    "scope":"your_oauth_2_scopes + offline_access",
    "client_id":"your_app_client_id",
    "client_secret":"your_app_client_secret"
}

I'm trying to write a script in Go that will make the POST request, grab the data and update our database.

Now what I'm confused about is the Authorization Header.

How do I fill in the information required? More specifically, the oauth_signature, oauth_timestamp and oauth_nonce. I have little experience working with OAuth1.0a and would love to understand the flow.

Thanks!

Edit: trying to make use of this library https://godoc.org/github.com/gomodule/oauth1/oauth#example-Client-SetAuthorizationHeader


Solution

  • The OAuth1.0a signature is a set of key-value pairs, signed with your private key. This example migration app should give you an idea of the steps that need to be taken to build up the signature, even though it's not Go: OAuth1.0a => OAuth 2 token migration example.

    There's also a Xero GoLang SDK that you can dig into to help with auth code: xerogolang

    The nonce is a random single-use string that needs to be the same in your header and in the signature. The timestamp is the current date-time, in seconds since epoch, which also needs to be the same in your header and in the signature.
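The steps described in the answer, as an added Go example (not code from the answer, from Xero, or from the gomodule library): it builds the RFC 5849 signature base string, signs it with RSA-SHA1, and emits the Authorization header with the same nonce and timestamp in both places. The credentials are the page's placeholders, the RSA key is generated on the spot as a constructed stand-in for your app's private key, and the function names are hypothetical; the JSON body is not part of the signature because RFC 5849 only includes form-encoded bodies.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// enc percent-encodes per RFC 5849 (only A-Z a-z 0-9 - . _ ~ stay literal); norm also sorts by name.
func enc(s string) string      { return strings.ReplaceAll(url.QueryEscape(s), "+", "%20") }
func norm(p url.Values) string { return strings.ReplaceAll(p.Encode(), "+", "%20") }

// baseString is the text that gets signed: METHOD & encoded URL & encoded parameter string.
func baseString(m, u string, p url.Values) string { return strings.ToUpper(m) + "&" + enc(u) + "&" + enc(norm(p)) }

// authHeader signs with RSA-SHA1; the same nonce and ts go into the signature and the header.
func authHeader(key *rsa.PrivateKey, method, baseURL, consumerKey, token, nonce, ts string) (string, error) {
	p := url.Values{"oauth_consumer_key": {consumerKey}, "oauth_token": {token}, "oauth_nonce": {nonce},
		"oauth_signature_method": {"RSA-SHA1"}, "oauth_timestamp": {ts}, "oauth_version": {"1.0"}}
	digest := sha1.Sum([]byte(baseString(method, baseURL, p)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, digest[:])
	if err != nil {
		return "", err
	}
	p.Set("oauth_signature", base64.StdEncoding.EncodeToString(sig))
	// Encoded values hold no raw = or &, so the separators can be rewritten into header form.
	h := strings.NewReplacer("=", `="`, "&", `", `).Replace(norm(p))
	return "OAuth " + h + `"`, nil
}

// demo signs the page's request with a throwaway key (constructed here, not a real Xero key).
func demo() (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return authHeader(key, "POST", "https://api.xero.com/oauth/migrate", "your_consumer_key", "your_access_token", fmt.Sprintf("%x", nonce), fmt.Sprint(time.Now().Unix()))
}

func main() { fmt.Println(demo()) }
```

In a real script, load the private key registered with your OAuth 1.0a app from protected storage instead of generating one, and generate a fresh nonce and timestamp for every request.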