feat: auth and get real data from a tenant

Author: john-zhang-dev

package.json

@@ -27,7 +27,10 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.7.0",
-    "xero-node": "^10.0.0"
+    "dotenv": "^16.4.7",
+    "open": "^10.1.0",
+    "xero-node": "^10.0.0",
+    "zod": "^3.24.2"
   },
   "devDependencies": {
     "@types/node": "^22.13.10",

src/Tools/Authenticate.ts

@@ -0,0 +1,59 @@
+import { XeroClientSession } from "../XeroApiClient.js";
+import { IMcpServerTool } from "./IMcpServerTool.js";
+import { z } from "zod";
+import http from "http";
+import open from "open";
+import { Result } from "@modelcontextprotocol/sdk/types.js";
+
+export const AuthenticateTool: IMcpServerTool = {
+  requestSchema: {
+    name: "authenticate",
+    description: "Authenticate with Xero using OAuth2",
+    inputSchema: { type: "object", properties: {} },
+    output: { content: [{ type: "text", text: z.string() }] },
+  },
+  requestHandler: async () => {
+    const consentUrl = await XeroClientSession.xeroClient.buildConsentUrl();
+    const server = http.createServer();
+    server.listen(process.env.PORT || 5000);
+    const authTask = new Promise<Result>((resolve, reject) => {
+      server.on("request", async (req) => {
+        if (req.url && req.url.includes("/callback")) {
+          try {
+            const tokenSet = await XeroClientSession.xeroClient.apiCallback(
+              req.url
+            );
+            XeroClientSession.xeroClient.setTokenSet(tokenSet);
+            await XeroClientSession.xeroClient.updateTenants();
+            XeroClientSession.setActiveTenantId(
+              XeroClientSession.xeroClient.tenants[0].tenantId
+            );
+
+            resolve({
+              content: [
+                {
+                  type: "text",
+                  text: "Authenticated successfully",
+                },
+              ],
+            });
+          } catch (error: any) {
+            reject({
+              content: [
+                {
+                  type: "text",
+                  text: `Error authenticating user: ${error.message}`,
+                },
+              ],
+            });
+          } finally {
+            server.close();
+          }
+        }
+      });
+    });
+
+    open(consentUrl);
+    return authTask;
+  },
+};

src/Tools/IMcpServerTool.ts

@@ -0,0 +1,6 @@
+import { Request, Result, Tool } from "@modelcontextprotocol/sdk/types.js";
+
+export interface IMcpServerTool {
+  requestSchema: Tool;
+  requestHandler: (request: Request) => Promise<Result>;
+}

src/Tools/ListAccounts.ts

@@ -0,0 +1,43 @@
+import { Account } from "xero-node";
+import { XeroClientSession } from "../XeroApiClient.js";
+import { IMcpServerTool } from "./IMcpServerTool.js";
+import { z } from "zod";
+
+function formatAccountsResponse(accounts: Account[]): string {
+  const results = [];
+  results.push(`${accounts.length} accounts found:`);
+  for (const account of accounts) {
+    results.push(
+      `- ${account.name} ${account.code || ""} ${account.status || ""} ${
+        account.description || ""
+      }`
+    );
+  }
+  return results.join("\n");
+}
+
+export const ListAccountsTool: IMcpServerTool = {
+  requestSchema: {
+    name: "list_accounts",
+    description: "List all accounts",
+    inputSchema: { type: "object", properties: {} },
+    output: { content: [{ type: "text", text: z.string() }] },
+  },
+  requestHandler: async () => {
+    const tenantId = XeroClientSession.activeTenantId();
+    if (!tenantId) {
+      throw new Error("No tenant selected");
+    }
+    const response =
+      await XeroClientSession.xeroClient.accountingApi.getAccounts(tenantId);
+    const accounts = response.body.accounts || [];
+    return {
+      content: [
+        {
+          type: "text",
+          text: formatAccountsResponse(accounts),
+        },
+      ],
+    };
+  },
+};

src/XeroApi/Account.ts

@@ -0,0 +1,54 @@
+import { XeroClient } from "xero-node";
+import "dotenv/config";
+
+const client_id = process.env.XERO_CLIENT_ID;
+const client_secret = process.env.XERO_CLIENT_SECRET;
+const redirectUrl = process.env.XERO_REDIRECT_URI;
+const scopes =
+  "offline_access openid profile email accounting.transactions accounting.budgets.read accounting.reports.read accounting.journals.read accounting.settings accounting.settings.read accounting.contacts accounting.contacts.read accounting.attachments accounting.attachments.read files files.read assets assets.read projects projects.read";
+
+if (!client_id || !client_secret || !redirectUrl) {
+  throw Error(
+    "Environment Variables not all set - please check your .env file in the project root or create one!"
+  );
+}
+
+type XeroClientConfig = {
+  clientId: string;
+  clientSecret: string;
+  redirectUrl: string;
+  scopes: string[];
+};
+
+class XeroApiClient {
+  xeroClient: XeroClient;
+  private _activeTenantId: string | undefined;
+
+  constructor(config: XeroClientConfig) {
+    this.xeroClient = new XeroClient({
+      clientId: config.clientId,
+      clientSecret: config.clientSecret,
+      redirectUris: [config.redirectUrl],
+      scopes: config.scopes,
+    });
+  }
+
+  isAuthenticated() {
+    return this.xeroClient.readTokenSet() ? true : false;
+  }
+
+  activeTenantId() {
+    return this._activeTenantId;
+  }
+
+  setActiveTenantId(tenantId: string) {
+    this._activeTenantId = tenantId;
+  }
+}
+
+export const XeroClientSession = new XeroApiClient({
+  clientId: client_id,
+  clientSecret: client_secret,
+  redirectUrl: redirectUrl,
+  scopes: scopes.split(" "),
+});

src/XeroApiClient.ts

@@ -3,9 +3,10 @@ import {
   CallToolRequestSchema,
   ListToolsRequestSchema,
 } from "@modelcontextprotocol/sdk/types.js";
-import { z } from "zod";
-import { getAccounts } from "./XeroApi/Account.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { ListAccountsTool } from "./Tools/ListAccounts.js";
+import { AuthenticateTool } from "./Tools/Authenticate.js";
+import { XeroClientSession } from "./XeroApiClient.js";
 
 export class XeroMcpServer {
   private server: Server;
@@ -31,36 +32,31 @@ export class XeroMcpServer {
     console.error("Xero MCP server running on stdio");
   }
 
-  setupTools() {
+  private setupTools() {
     this.server.setRequestHandler(ListToolsRequestSchema, async () => {
       return {
-        tools: [
-          {
-            name: "list_accounts",
-            description: "List all accounts",
-            inputSchema: { type: "object", properties: {} },
-            output: { content: [{ type: "text", text: z.string() }] },
-          },
-        ],
+        tools: [AuthenticateTool.requestSchema, ListAccountsTool.requestSchema],
       };
     });
 
     this.server.setRequestHandler(CallToolRequestSchema, async (request) => {
       const { name } = request.params;
       try {
+        if (name === AuthenticateTool.requestSchema.name) {
+          return await AuthenticateTool.requestHandler(request);
+        } else if (!XeroClientSession.isAuthenticated()) {
+          return {
+            content: [
+              {
+                type: "text",
+                text: "You must authenticate with Xero first",
+              },
+            ],
+          };
+        }
         switch (name) {
-          case "list_accounts":
-            const accounts = (await getAccounts()).accounts || [];
-            return {
-              content: [
-                {
-                  type: "text",
-                  text: `${accounts.length} accounts found\n${accounts.map(
-                    (account) => `${account.name} (${account.code})`
-                  )}`,
-                },
-              ],
-            };
+          case ListAccountsTool.requestSchema.name:
+            return await ListAccountsTool.requestHandler(request);
           default:
             throw new Error(`Unknown tool: ${name}`);
         }