dcodegroup / laravel-xero-oauth
Simple package which dcode uses to handle the connection to xero for all projects. Provides endpoints for UI and callbacks for Xero
Requires
- php: ^8.2
- calcinai/xero-php: ^2.5
- laravel/framework: ^10.0|^11.0|^12.0|^13.0
- league/oauth2-client: 2.*
- xeroapi/xero-php-oauth2: ^11.0
Requires (Dev)
- laravel/pint: ^1.13.5
- orchestra/testbench: ^8.0|^9.0|^10.0|^11.0
- pestphp/pest: ^2.36|^4.4
- phpstan/phpstan: ^2.1
- dev-main
- 1.0.28
- 1.0.27
- 1.0.26
- 1.0.25
- 1.0.24
- 1.0.23
- 1.0.22
- 1.0.21
- 1.0.20
- 1.0.19
- 1.0.18
- 1.0.17
- 1.0.16
- 1.0.15
- 1.0.14
- 1.0.13
- 1.0.12
- 1.0.11
- 1.0.10
- 1.0.9
- 1.0.8
- 1.0.7
- 1.0.6
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- dev-feature/DCO-89-integrate-quotes-to-xero-service-only
- dev-dependabot/github_actions/actions/checkout-6
- dev-feature/DCO-4887-make-laravel-xero-oauth-l13-compatible
This package is auto-updated.
Last update: 2026-04-17 00:27:43 UTC
README
Laravel Xero
This package provides the standard xero connection functionality used in most projects.
Installation
You can install the package via composer:
composer require dcodegroup/laravel-xero-oauth
Then run the install command.
php artsian laravel-xero:install
This will publish the configuration file and the migration file.
Run the migrations
php artsian migrate
Configuration
Most of configuration has been set the fair defaults. However you can review the configuration file at config/laravel-xero-oauth.php and adjust as needed
If you are using Inertia, you can switch the package frontend driver from Blade to Inertia:
'frontend' => [ 'driver' => 'inertia', 'inertia' => [ 'component' => 'Xero/OAuth/Index', ], ],
When frontend.driver is inertia, the package will:
- Render the index endpoint with your Inertia component
- Use Inertia location redirects for
/xero/authand/xero/callback
Inertia Vue page contract (drop-in example)
Set your component path to match the config default:
'frontend' => [ 'driver' => 'inertia', 'inertia' => [ 'component' => 'Xero/OAuth/Index', ], ],
Create resources/js/Pages/Xero/OAuth/Index.vue:
<script setup> import { router } from '@inertiajs/vue3'; import { route } from 'ziggy-js'; const props = defineProps({ token: { type: Object, default: null }, tenants: { type: Array, default: () => [] }, currentTenantId: { type: String, default: null }, authUrl: { type: String, required: true }, }); const connectToXero = () => { // Package returns an Inertia location response from /xero/auth window.location.href = props.authUrl; }; const selectTenant = (tenantId) => { router.post(route('xero.tenant.update', { tenantId })); }; </script> <template> <section> <h1>Xero OAuth</h1> <button type="button" @click="connectToXero">Connect to Xero</button> <p v-if="token">Connected</p> <p v-else>Not connected</p> <ul v-if="tenants.length"> <li v-for="tenant in tenants" :key="tenant.tenantId"> <span>{{ tenant.tenantName }}</span> <button type="button" :disabled="tenant.tenantId === currentTenantId" @click="selectTenant(tenant.tenantId)" > {{ tenant.tenantId === currentTenantId ? 'Current' : 'Use this tenant' }} </button> </li> </ul> </section> </template>
Expected props from the package index controller:
token: latest stored token ornulltenants: array of Xero tenants (tenantId,tenantName,tenantType, etc.)currentTenantId: currently selected tenant id ornullauthUrl: URL to start OAuth (xero.auth)
This example assumes Ziggy is installed and your route names are exposed to the client.
Screenshots
Blade (disconnected):
Blade (connected):
Inertia contract example:
If you want to have the oauth screens appear within your sites layout ensure to configure the environment variable. eg.
LARAVEL_XERO_OAUTH_APP_LAYOUT=layouts.admin
Usage
The package provides an endpoints which you can use. See the full list by running
php artsian route:list --name=xero
+--------+----------+-------------------------+--------------------+-------------------------------------------------------------------------+----------------------------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+----------+-------------------------+--------------------+-------------------------------------------------------------------------+----------------------------------+
| | GET|HEAD | xero | xero.index | Dcodegroup\LaravelXeroOauth\Http\Controllers\XeroController | web |
| | | | | | App\Http\Middleware\Authenticate |
| | GET|HEAD | xero/auth | xero.auth | Dcodegroup\LaravelXeroOauth\Http\Controllers\XeroAuthController | web |
| | | | | | App\Http\Middleware\Authenticate |
| | GET|HEAD | xero/callback | xero.callback | Dcodegroup\LaravelXeroOauth\Http\Controllers\XeroCallbackController | web |
| | | | | | App\Http\Middleware\Authenticate |
| | POST | xero/tenants/{tenantId} | xero.tenant.update | Dcodegroup\LaravelXeroOauth\Http\Controllers\SwitchXeroTenantController | web |
| | | | | | App\Http\Middleware\Authenticate |
+--------+----------+-------------------------+--------------------+-------------------------------------------------------------------------+----------------------------------+
More Information
example.com/xero Which is where you will generate the link to authorise xero. This is by default protected auth middleware but you can modify in the configuration. This is where you want to link to in your admin and possibly a new window
example.com/xero/callback This is the route for which xero will redirect back to after the oauth has occurred. This is excluded from the middleware auth. You can change this list in the configuration also.
BaseXeroService
The package has a BaseXeroService class located at Dcodegroup\LaravelXeroOauth\BaseXeroService
So your application should have its own XeroService extend this base class as the initialisation is already done.
<?php namespace App\Services\Xero; use Dcodegroup\LaravelXeroOauth\BaseXeroService; use XeroPHP\Models\Accounting\Contact; class XeroService extends BaseXeroService { /** * @inheritDoc */ public function createContact(object $data) { /** * $this->>xeroClient is inherited from the BaseXeroService */ $contact = new Contact($this->xeroClient); $contact->setName($data->name . ' (' . $data->code . ')') ->setFirstName($data->name) ->setContactNumber($data->code) ->setAccountNumber($data->code) ->setContactStatus(Contact::CONTACT_STATUS_ACTIVE) ->setEmailAddress($data->email) ->setTaxNumber('ABN') ->setDefaultCurrency('AUD'); $contact = head($contact->save()->getElements()); return $this->xeroClient->loadByGUID(Contact::class, $contact['ContactID']); } }
Runtime
You can check if the connection exists with the below code. (This will not work once ->getConfig() is removed in Guzzle 8 guzzle/guzzle#3114 )
if (app(Application::class)->getTransport()->getConfig()['headers']['Xero-tenant-id'] != 'fake_tenant') { // do something }


