Example PublicMvcAuthenticator.cs Delete then Add immediately? about xero-net HOT 7 CLOSED

I assume it is to ensure that there is only one token stored for each user/organisation at any time. If you look at the two example token stores (MemoryTokenStore and SqliteTokenStore) you can see how the examples would work together. It is just an example remember, and shows one way of authenticating an MVC application and can be modified to fit your solution accordingly

from xero-net.

Yes but line 52 has just tried to find a token in the store and failed. So there is nothing to Delete at line 70.
I am having a frustrating time implementing my use of this Xero API wrapper as it feels very convoluted. I have to create a lot of code to get this thing up and running, rather than just using a pre-built SDK. And when I find something like this in the example code that makes no sense it just increases my unease with this library.

from xero-net.

And why delete the requestToken on line 60 immediately after finding it. This make no sense to me.

from xero-net.

Yeah you're correct that the delete on line 70 does seem to be redundant. I'll make sure to remove it in the next update. If you come across any other issues, feel free to open up a pull request with fixes.

In regards to deleting the request token on line 60...
A request token is a one use token which is swapped out for an access token. Once you have pulled it out of the _requestTokenStore it no longer needs to be there as the following few lines will invalidate it for future use, so we delete it from the store. It is no longer in the store, but is still held in the local variable ready to be swapped for the access token.

If you havn't already, take a look at our docs for an outline on the authentication flow and steps involved: http://developer.xero.com/documentation/getting-started/public-applications/

from xero-net.

Ahh, right I see that's why you're deleting it. Unfortunately though the PartnerMvcAuthenticator inherits from the PublicMvcAuthenticator, and Partner applications require the original Request Token whenever the Access Token is renewed. This functionality hasn't been overridden in the PartnerMvcAuthenticator. I am currently implementing a Partner App using this new library, hence my confusion.

from xero-net.

You don't nee the original request token to renew a partners access token, you need the original session handle & last access token. Does this help?

from xero-net.

The redundant line will be removed and a comment on the request token removal has been added in #83 This will hopefully help others in the future

from xero-net.