xero-ruby 2.8.1 → 2.10.1

data/lib/xero-ruby/api/project_api.rb

@@ -31,7 +31,8 @@ module XeroRuby
     # @param project_create_or_update [ProjectCreateOrUpdate] Create a new project with ProjectCreateOrUpdate object
     # @param [Hash] opts the optional parameters
     # @return [Array<(Project, Integer, Hash)>] Project data, response status code and response headers
-    def create_project_with_http_info(xero_tenant_id, project_create_or_update, opts = {})
+    def create_project_with_http_info(xero_tenant_id, project_create_or_update, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.create_project ...'
       end
@@ -111,7 +112,8 @@ module XeroRuby
     # @param time_entry_create_or_update [TimeEntryCreateOrUpdate] The time entry object you are creating
     # @param [Hash] opts the optional parameters
     # @return [Array<(TimeEntry, Integer, Hash)>] TimeEntry data, response status code and response headers
-    def create_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_create_or_update, opts = {})
+    def create_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_create_or_update, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.create_time_entry ...'
       end
@@ -195,7 +197,8 @@ module XeroRuby
     # @param time_entry_id [String] You can specify an individual task by appending the id to the endpoint
     # @param [Hash] opts the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
-    def delete_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_id, opts = {})
+    def delete_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.delete_time_entry ...'
       end
@@ -273,7 +276,8 @@ module XeroRuby
     # @param project_id [String] You can specify an individual project by appending the projectId to the endpoint
     # @param [Hash] opts the optional parameters
     # @return [Array<(Project, Integer, Hash)>] Project data, response status code and response headers
-    def get_project_with_http_info(xero_tenant_id, project_id, opts = {})
+    def get_project_with_http_info(xero_tenant_id, project_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.get_project ...'
       end
@@ -351,7 +355,8 @@ module XeroRuby
     # @option opts [Integer] :page set to 1 by default. The requested number of the page in paged response - Must be a number greater than 0.
     # @option opts [Integer] :page_size Optional, it is set to 50 by default. The number of items to return per page in a paged response - Must be a number between 1 and 500.
     # @return [Array<(ProjectUsers, Integer, Hash)>] ProjectUsers data, response status code and response headers
-    def get_project_users_with_http_info(xero_tenant_id, opts = {})
+    def get_project_users_with_http_info(xero_tenant_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.get_project_users ...'
       end
@@ -441,7 +446,8 @@ module XeroRuby
     # @option opts [Integer] :page set to 1 by default. The requested number of the page in paged response - Must be a number greater than 0.
     # @option opts [Integer] :page_size Optional, it is set to 50 by default. The number of items to return per page in a paged response - Must be a number between 1 and 500.
     # @return [Array<(Projects, Integer, Hash)>] Projects data, response status code and response headers
-    def get_projects_with_http_info(xero_tenant_id, opts = {})
+    def get_projects_with_http_info(xero_tenant_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.get_projects ...'
       end
@@ -528,7 +534,8 @@ module XeroRuby
     # @param task_id [String] You can specify an individual task by appending the taskId to the endpoint, i.e. GET https://.../tasks/{taskID}
     # @param [Hash] opts the optional parameters
     # @return [Array<(Task, Integer, Hash)>] Task data, response status code and response headers
-    def get_task_with_http_info(xero_tenant_id, project_id, task_id, opts = {})
+    def get_task_with_http_info(xero_tenant_id, project_id, task_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.get_task ...'
       end
@@ -616,7 +623,8 @@ module XeroRuby
     # @option opts [String] :task_ids taskIdsSearch for all tasks that match a comma separated list of taskIds, i.e. GET https://.../tasks?taskIds&#x3D;{taskID},{taskID}
     # @option opts [ChargeType] :charge_type 
     # @return [Array<(Tasks, Integer, Hash)>] Tasks data, response status code and response headers
-    def get_tasks_with_http_info(xero_tenant_id, project_id, opts = {})
+    def get_tasks_with_http_info(xero_tenant_id, project_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.get_tasks ...'
       end
@@ -716,7 +724,8 @@ module XeroRuby
     # @option opts [DateTime] :date_after_utc ISO 8601 UTC date. Finds all time entries on or after this date filtered on the &#x60;dateUtc&#x60; field.
     # @option opts [DateTime] :date_before_utc ISO 8601 UTC date. Finds all time entries on or before this date filtered on the &#x60;dateUtc&#x60; field.
     # @return [Array<(TimeEntries, Integer, Hash)>] TimeEntries data, response status code and response headers
-    def get_time_entries_with_http_info(xero_tenant_id, project_id, opts = {})
+    def get_time_entries_with_http_info(xero_tenant_id, project_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.get_time_entries ...'
       end
@@ -804,7 +813,8 @@ module XeroRuby
     # @param time_entry_id [String] You can specify an individual time entry by appending the id to the endpoint
     # @param [Hash] opts the optional parameters
     # @return [Array<(TimeEntry, Integer, Hash)>] TimeEntry data, response status code and response headers
-    def get_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_id, opts = {})
+    def get_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_id, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.get_time_entry ...'
       end
@@ -886,7 +896,8 @@ module XeroRuby
     # @param project_patch [ProjectPatch] Update the status of an existing Project
     # @param [Hash] opts the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
-    def patch_project_with_http_info(xero_tenant_id, project_id, project_patch, opts = {})
+    def patch_project_with_http_info(xero_tenant_id, project_id, project_patch, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.patch_project ...'
       end
@@ -970,7 +981,8 @@ module XeroRuby
     # @param project_create_or_update [ProjectCreateOrUpdate] Request of type ProjectCreateOrUpdate
     # @param [Hash] opts the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
-    def update_project_with_http_info(xero_tenant_id, project_id, project_create_or_update, opts = {})
+    def update_project_with_http_info(xero_tenant_id, project_id, project_create_or_update, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.update_project ...'
       end
@@ -1056,7 +1068,8 @@ module XeroRuby
     # @param time_entry_create_or_update [TimeEntryCreateOrUpdate] The time entry object you are updating
     # @param [Hash] opts the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
-    def update_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_id, time_entry_create_or_update, opts = {})
+    def update_time_entry_with_http_info(xero_tenant_id, project_id, time_entry_id, time_entry_create_or_update, options = {})
+      opts = options.dup
       if @api_client.config.debugging
         @api_client.config.logger.debug 'Calling API: ProjectApi.update_time_entry ...'
       end

data/lib/xero-ruby/api_client.rb

@@ -16,6 +16,8 @@ require 'tempfile'
 require 'find'
 require 'faraday'
 require 'base64'
+require 'cgi'
+require 'json/jwt'
 
 module XeroRuby
   class ApiClient
@@ -31,13 +33,15 @@ module XeroRuby
 
     # Initializes the ApiClient
     # @option config [Configuration] Configuration for initializing the object, default to Configuration.default
-    def initialize(config: Configuration.default, credentials: {})
+    def initialize(config: {}, credentials: {})
       @client_id = credentials[:client_id]
       @client_secret = credentials[:client_secret]
       @redirect_uri = credentials[:redirect_uri]
       @scopes = credentials[:scopes]
       @state = credentials[:state]
-      @config = config
+      default_config = Configuration.default.clone
+      @config = append_to_default_config(default_config, config)
+
       @user_agent = "xero-ruby-#{VERSION}"
       @default_headers = {
         'Content-Type' => 'application/json',
@@ -45,8 +49,14 @@ module XeroRuby
       }
     end
 
+    def append_to_default_config(default_config, user_config)
+      config = default_config
+      user_config.each{|k,v| config.send("#{k}=", v)}
+      config
+    end
+
     def authorization_url
-      url = "#{@config.login_url}?response_type=code&client_id=#{@client_id}&redirect_uri=#{@redirect_uri}&scope=#{@scopes}"
+      url = "#{@config.login_url}?response_type=code&client_id=#{@client_id}&redirect_uri=#{@redirect_uri}&scope=#{CGI.escape(@scopes)}"
       url << "&state=#{@state}" if @state
       return url
     end
@@ -88,22 +98,41 @@ module XeroRuby
 
     # Token Helpers
     def token_set
-      XeroRuby.configure.token_set
+      @config.token_set
     end
 
     def access_token
-      XeroRuby.configure.access_token
+      @config.access_token
+    end
+
+    def id_token
+      @config.id_token
+    end
+
+    def decoded_access_token
+      decode_jwt(@config.access_token)
+    end
+
+    def decoded_id_token
+      decode_jwt(@config.id_token)
     end
 
     def set_token_set(token_set)
-      # helper to set the token_set on a client once the user
-      # has a valid token set ( access_token & refresh_token )
-      XeroRuby.configure.token_set = token_set
-      set_access_token(token_set['access_token'])
+      token_set = token_set.with_indifferent_access
+      @config.token_set = token_set
+
+      set_access_token(token_set[:access_token]) if token_set[:access_token]
+      set_id_token(token_set[:id_token]) if token_set[:id_token]
+      
+      return true
     end
 
     def set_access_token(access_token)
-      XeroRuby.configure.access_token = access_token
+      @config.access_token = access_token
+    end
+
+    def set_id_token(id_token)
+      @config.id_token = id_token
     end
 
     def get_token_set_from_callback(params)
@@ -112,20 +141,55 @@ module XeroRuby
         code: params['code'],
         redirect_uri: @redirect_uri
       }
-      return token_request(data, '/token')
+      token_set = token_request(data, '/token')
+
+      validate_tokens(token_set)
+      validate_state(params)
+      return token_set
+    end
+
+    def validate_tokens(token_set)
+      token_set = token_set.with_indifferent_access
+      id_token = token_set[:id_token]
+      access_token = token_set[:access_token]
+      if id_token || access_token
+        decode_jwt(access_token) if access_token
+        decode_jwt(id_token) if id_token
+      end
+      return true
+    end
+
+    def validate_state(params)
+      if params[:state] != @state
+        raise StandardError.new "WARNING: @config.state: #{@state} and OAuth callback state: #{params['state']} do not match!"
+      end
+      return true
+    end
+
+    def decode_jwt(tkn)
+      jwks_data = JSON.parse(Faraday.get('https://identity.xero.com/.well-known/openid-configuration/jwks').body)
+      jwk_set = JSON::JWK::Set.new(jwks_data)
+      JSON::JWT.decode(tkn, jwk_set)
+    end
+
+    def token_expired?
+      token_expiry = Time.at(decoded_access_token['exp'])
+      token_expiry < Time.now
     end
 
     def refresh_token_set(token_set)
+      token_set = token_set.with_indifferent_access
       data = {
         grant_type: 'refresh_token',
-        refresh_token: token_set['refresh_token']
+        refresh_token: token_set[:refresh_token]
       }
       return token_request(data, '/token')
     end
 
     def revoke_token(token_set)
+      token_set = token_set.with_indifferent_access
       data = {
-        token: token_set['refresh_token']
+        token: token_set[:refresh_token]
       }
       return token_request(data, '/revocation')
     end
@@ -174,7 +238,26 @@ module XeroRuby
         :client_key => @config.ssl_client_key
       }
 
-      connection = Faraday.new(:url => config.base_url, :ssl => ssl_options) do |conn|
+      case api_client
+      when "AccountingApi"
+        method_base_url = @config.accounting_url
+      when "AssetApi"
+        method_base_url = @config.asset_url
+      when "FilesApi"
+       method_base_url = @config.files_url
+      when "PayrollAuApi"
+        method_base_url = @config.payroll_au_url
+      when "PayrollNzApi"
+        method_base_url = @config.payroll_nz_url
+      when "PayrollUkApi"
+        method_base_url = @config.payroll_uk_url
+      when "ProjectApi"
+        method_base_url = @config.project_url
+      else
+        method_base_url = @config.accounting_url
+      end
+
+      connection = Faraday.new(:url => method_base_url, :ssl => ssl_options) do |conn|
         conn.basic_auth(config.username, config.password)
         if opts[:header_params]["Content-Type"] == "multipart/form-data"
           conn.request :multipart
@@ -257,6 +340,8 @@ module XeroRuby
         end
       end
       request.headers = header_params
+      timeout = @config.timeout
+      request.options.timeout = timeout if timeout > 0
       request.body = req_body
       request.url url
       request.params = query_params

data/lib/xero-ruby/configuration.rb

@@ -60,8 +60,11 @@ module XeroRuby
     # @return [String]
     attr_accessor :password
 
-    # Defines the access token (Bearer) used with OAuth2.
+    # Defines the access token (Bearer) used with OAuth2 authorization
     attr_accessor :access_token
+    
+    # Defines OpenID Connect id_token containing Xero user authentication detail
+    attr_accessor :id_token
 
     # Defines the token set used with OAuth2. May include id/access/refresh token & other meta info.
     attr_accessor :token_set
@@ -146,6 +149,8 @@ module XeroRuby
       @payroll_au_url = 'https://api.xero.com/payroll.xro/1.0/'
       @payroll_nz_url = 'https://api.xero.com/payroll.xro/2.0/'
       @payroll_uk_url = 'https://api.xero.com/payroll.xro/2.0/'
+      @access_token = nil
+      @id_token = nil
       @api_key = {}
       @api_key_prefix = {}
       @timeout = 0
@@ -191,6 +196,14 @@ module XeroRuby
     def base_url=(api_url)
       @base_url = api_url
     end
+
+    def access_token=(access_token)
+      @access_token = access_token
+    end
+
+    def id_token=(id_token)
+      @id_token = id_token
+    end
     
     # Gets API key (with prefix if set).
     # @param [String] param_name the parameter name of API key auth

data/lib/xero-ruby/models/payroll_au/deduction_line.rb

@@ -97,10 +97,6 @@ module XeroRuby::PayrollAu
         invalid_properties.push('invalid value for "deduction_type_id", deduction_type_id cannot be nil.')
       end
 
-      if @calculation_type.nil?
-        invalid_properties.push('invalid value for "calculation_type", calculation_type cannot be nil.')
-      end
-
       invalid_properties
     end
 
@@ -108,7 +104,6 @@ module XeroRuby::PayrollAu
     # @return true if the model is valid
     def valid?
       return false if @deduction_type_id.nil?
-      return false if @calculation_type.nil?
       true
     end
 

data/lib/xero-ruby/models/payroll_uk/salary_and_wage.rb

@@ -46,6 +46,7 @@ module XeroRuby::PayrollUk
     # The type of the payment of the corresponding salary and wages
     attr_accessor :payment_type
     SALARY = "Salary".freeze
+    HOURLY = "Hourly".freeze
     
     class EnumAttributeValidator
       attr_reader :datatype
@@ -193,7 +194,7 @@ module XeroRuby::PayrollUk
       status_validator = EnumAttributeValidator.new('String', ["Active", "Pending", "History"])
       return false unless status_validator.valid?(@status)
       return false if @payment_type.nil?
-      payment_type_validator = EnumAttributeValidator.new('String', ["Salary"])
+      payment_type_validator = EnumAttributeValidator.new('String', ["Salary", "Hourly"])
       return false unless payment_type_validator.valid?(@payment_type)
       true
     end
@@ -211,7 +212,7 @@ module XeroRuby::PayrollUk
     # Custom attribute writer method checking allowed values (enum).
     # @param [Object] payment_type Object to be assigned
     def payment_type=(payment_type)
-      validator = EnumAttributeValidator.new('String', ["Salary"])
+      validator = EnumAttributeValidator.new('String', ["Salary", "Hourly"])
       unless validator.valid?(payment_type)
         fail ArgumentError, "invalid value for \"payment_type\", must be one of #{validator.allowable_values}."
       end

data/lib/xero-ruby/models/projects/time_entry.rb

@@ -44,6 +44,7 @@ module XeroRuby::Projects
     attr_accessor :status
     ACTIVE = "ACTIVE".freeze
     LOCKED = "LOCKED".freeze
+    INVOICED = "INVOICED".freeze
     
     class EnumAttributeValidator
       attr_reader :datatype
@@ -159,7 +160,7 @@ module XeroRuby::Projects
     # Check to see if the all the properties in the model are valid
     # @return true if the model is valid
     def valid?
-      status_validator = EnumAttributeValidator.new('String', ["ACTIVE", "LOCKED"])
+      status_validator = EnumAttributeValidator.new('String', ["ACTIVE", "LOCKED", "INVOICED"])
       return false unless status_validator.valid?(@status)
       true
     end
@@ -167,7 +168,7 @@ module XeroRuby::Projects
     # Custom attribute writer method checking allowed values (enum).
     # @param [Object] status Object to be assigned
     def status=(status)
-      validator = EnumAttributeValidator.new('String', ["ACTIVE", "LOCKED"])
+      validator = EnumAttributeValidator.new('String', ["ACTIVE", "LOCKED", "INVOICED"])
       unless validator.valid?(status)
         fail ArgumentError, "invalid value for \"status\", must be one of #{validator.allowable_values}."
       end

data/lib/xero-ruby/version.rb

@@ -7,9 +7,9 @@ Contact: api@xero.com
 Generated by: https://openapi-generator.tech
 OpenAPI Generator version: 4.3.1
 
-The version of the XeroOpenAPI document: 2.10.3
+The version of the XeroOpenAPI document: 2.11.0
 =end
 
 module XeroRuby
-  VERSION = '2.8.1'
+  VERSION = '2.10.1'
 end

data/spec/api_client_spec.rb

@@ -1,4 +1,4 @@
-require './spec_helper'
+require 'spec_helper'
 
 describe XeroRuby::ApiClient do
   context 'initialization' do
@@ -47,7 +47,7 @@ describe XeroRuby::ApiClient do
             state: 'i-am-customer-state'
           }
           api_client = XeroRuby::ApiClient.new(credentials: creds)
-          expect(api_client.authorization_url).to eq('https://login.xero.com/identity/connect/authorize?response_type=code&client_id=abc&redirect_uri=https://mydomain.com/callback&scope=openid profile email accounting.transactions accounting.settings&state=i-am-customer-state')
+          expect(api_client.authorization_url).to eq('https://login.xero.com/identity/connect/authorize?response_type=code&client_id=abc&redirect_uri=https://mydomain.com/callback&scope=openid+profile+email+accounting.transactions+accounting.settings&state=i-am-customer-state')
         end
 
         it "Does not append state if it is not provided" do
@@ -58,7 +58,20 @@ describe XeroRuby::ApiClient do
             scopes: 'openid profile email accounting.transactions accounting.settings'
           }
           api_client = XeroRuby::ApiClient.new(credentials: creds)
-          expect(api_client.authorization_url).to eq('https://login.xero.com/identity/connect/authorize?response_type=code&client_id=abc&redirect_uri=https://mydomain.com/callback&scope=openid profile email accounting.transactions accounting.settings')
+          expect(api_client.authorization_url).to eq('https://login.xero.com/identity/connect/authorize?response_type=code&client_id=abc&redirect_uri=https://mydomain.com/callback&scope=openid+profile+email+accounting.transactions+accounting.settings')
+        end
+
+        it "Validates state on callback matches @config.state" do
+          creds = {
+            client_id: 'abc',
+            client_secret: '123',
+            redirect_uri: 'https://mydomain.com/callback',
+            scopes: 'openid profile email accounting.transactions accounting.settings',
+            state: "custom-state"
+          }
+          api_client = XeroRuby::ApiClient.new(credentials: creds)
+          altered_state = {'state': 'not-original-state'}
+          expect{api_client.validate_state(altered_state)}.to raise_error(StandardError, 'WARNING: @config.state: custom-state and OAuth callback state:  do not match!')
         end
       end
     end
@@ -66,7 +79,7 @@ describe XeroRuby::ApiClient do
 
   describe 'api_client helper functions' do
     let(:api_client) { XeroRuby::ApiClient.new }
-    let(:token_set) { {access_token: 'eyx.jibberjabber', refresh_token: 'REFRESHMENTS'} }
+    let(:token_set) { {'access_token': 'eyx.authorization.data', 'id_token': 'eyx.authentication.data', 'refresh_token': 'REFRESHMENTS'} }
     let(:connections) {
         [{
         "id" => "xxx-yyy-zzz",
@@ -84,12 +97,17 @@ describe XeroRuby::ApiClient do
 
     it "#set_token_set" do
       api_client.set_token_set(token_set)
-      expect(api_client.token_set).to eq(token_set)
+      expect(api_client.token_set).to eq(token_set.with_indifferent_access)
     end
 
     it "#set_access_token" do
-      api_client.set_access_token(token_set[:access_token])
-      expect(api_client.access_token).to eq(token_set[:access_token])
+      api_client.set_access_token(token_set['access_token'])
+      expect(api_client.access_token).to eq(token_set['access_token'])
+    end
+
+    it "#set_id_token" do
+      api_client.set_id_token(token_set['id_token'])
+      expect(api_client.id_token).to eq(token_set['id_token'])
     end
 
     it "#refresh_token_set" do
@@ -137,6 +155,17 @@ describe XeroRuby::ApiClient do
       api_client.connections
       expect(api_client.config.base_url).to eq('https://api.xero.com')  
     end
+
+    it "does not mutate the original opts hash" do
+      expect(api_client).to receive(:call_api).and_return('')
+      opts = {
+        where: {
+          invoice_number: ['=', "INV-0060"]
+        }
+      }
+      api_client.accounting_api.get_invoices('active_tenant_id', opts)
+      expect(opts).to eq({:where=>{:invoice_number=>["=", "INV-0060"]}})
+    end
   end
 
   describe '#deserialize' do
@@ -360,4 +389,142 @@ describe XeroRuby::ApiClient do
       expect(api_client.sanitize_filename('.\sun.gif')).to eq('sun.gif')
     end
   end
+
+  describe 'token helper methods' do
+    let(:api_client) { XeroRuby::ApiClient.new }
+    let(:id_token){'eyJhbGciOiJSUzI1NiIsImtpZCI6IjFDQUY4RTY2NzcyRDZEQzAyOEQ2NzI2RkQwMjYxNTgxNTcwRUZDMTkiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJISy1PWm5jdGJjQW8xbkp2MENZVmdWY09fQmsifQ.eyJuYmYiOjE2MTk3MTQwNDMsImV4cCI6MTYxOTcxNDM0MywiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS54ZXJvLmNvbSIsImF1ZCI6IkFEQjVBNzdEQTZCNjRFOTI4RDg0MDkwOTlBMzlDQTdCIiwiaWF0IjoxNjE5NzE0MDQzLCJhdF9oYXNoIjoiMXJNamVvUTJiOUxUNFU0ZlBXbEZJZyIsInNpZCI6ImY0YTY4ZDc0ZmM3OTQzMjc4YTgzMTg0NGM5ZWRmNzFiIiwic3ViIjoiZGI0ZjBmMzdiNTg1NTMwZTkxZjNiOWNiYjUwMzQwZTgiLCJhdXRoX3RpbWUiOjE2MTk3MTM5ODcsInhlcm9fdXNlcmlkIjoiZmFhODNlYzktZjZhNy00ODlmLTg5MTEtZTNmY2UwM2ExMTg2IiwiZ2xvYmFsX3Nlc3Npb25faWQiOiJmNGE2OGQ3NGZjNzk0MzI3OGE4MzE4NDRjOWVkZjcxYiIsInByZWZlcnJlZF91c2VybmFtZSI6ImNocmlzLmtuaWdodEB4ZXJvLmNvbSIsImVtYWlsIjoiY2hyaXMua25pZ2h0QHhlcm8uY29tIiwiZ2l2ZW5fbmFtZSI6IkNocmlzdG9waGVyIiwiZmFtaWx5X25hbWUiOiJLbmlnaHQifQ.hF04tCE1Qd-al355fQyCjWqTVWKnguor4RD1sC7rKH7zV3r3_nGwnGLMm2A96fov06fig0zusTX8onev0qFLZy-jlEXDp1f19LHhT15sBy0KH6dB0lGMrM14BnDuEP4NUGeP06nAPhQHHLw2oCc9hzYXorRVOSFDw43jgAC0vxRgDvJwgKgv6TDVEmpvwP0S4R7A0VbnFemHP_HY8gLHd7RpN7rrYmpJC4cofztdptDNLTF8Qup8qVlFdQgpJPQEQ95N1m6W-unvrh_dlO6AVMjXBjC1BJ10IGzoCCr8DSVyz2UMPnUT3oIYFVTlDc2K-ZJYkW86pigITMCdvR1hKg'}
+    let(:access_token){'eyJhbGciOiJSUzI1NiIsImtpZCI6IjFDQUY4RTY2NzcyRDZEQzAyOEQ2NzI2RkQwMjYxNTgxNTcwRUZDMTkiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJISy1PWm5jdGJjQW8xbkp2MENZVmdWY09fQmsifQ.eyJuYmYiOjE2MTk3MTQwNDMsImV4cCI6MTYxOTcxNTg0MywiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS54ZXJvLmNvbSIsImF1ZCI6Imh0dHBzOi8vaWRlbnRpdHkueGVyby5jb20vcmVzb3VyY2VzIiwiY2xpZW50X2lkIjoiQURCNUE3N0RBNkI2NEU5MjhEODQwOTA5OUEzOUNBN0IiLCJzdWIiOiJkYjRmMGYzN2I1ODU1MzBlOTFmM2I5Y2JiNTAzNDBlOCIsImF1dGhfdGltZSI6MTYxOTcxMzk4NywieGVyb191c2VyaWQiOiJmYWE4M2VjOS1mNmE3LTQ4OWYtODkxMS1lM2ZjZTAzYTExODYiLCJnbG9iYWxfc2Vzc2lvbl9pZCI6ImY0YTY4ZDc0ZmM3OTQzMjc4YTgzMTg0NGM5ZWRmNzFiIiwianRpIjoiZmFmNGNkYzQ5MjM0YzhmZDE0OTA0ZjRlOWEyMWY4YmYiLCJhdXRoZW50aWNhdGlvbl9ldmVudF9pZCI6IjI0MmRjNWIyLTIwZTMtNGFjNS05NjU3LWExMGI5ZTI0ZGI1NSIsInNjb3BlIjpbImVtYWlsIiwicHJvZmlsZSIsIm9wZW5pZCIsImFjY291bnRpbmcucmVwb3J0cy5yZWFkIiwiZmlsZXMiLCJwYXlyb2xsLmVtcGxveWVlcyIsInBheXJvbGwucGF5cnVucyIsInBheXJvbGwucGF5c2xpcCIsInBheXJvbGwudGltZXNoZWV0cyIsInByb2plY3RzLnJlYWQiLCJwcm9qZWN0cyIsImFjY291bnRpbmcuc2V0dGluZ3MiLCJhY2NvdW50aW5nLmF0dGFjaG1lbnRzIiwiYWNjb3VudGluZy50cmFuc2FjdGlvbnMiLCJhY2NvdW50aW5nLmpvdXJuYWxzLnJlYWQiLCJhc3NldHMucmVhZCIsImFzc2V0cyIsImFjY291bnRpbmcuY29udGFjdHMiLCJwYXlyb2xsLnNldHRpbmdzIiwib2ZmbGluZV9hY2Nlc3MiXX0.vNV-YsgHFWKFBmyYdhg7tztdsPc9ykObadQcGFoFXJ8qCBerR3h7XXKzWAP3KzFzhOCcIpWU8Q081zuYBNxahPeeLRLUuc_3MwgwE72esE5vGuxa2_-_QidtNvMCgsX-ie_LcX7FE_KI-sXB_EZ8fDk6WAMIPC9d3GejgeuH5Uh6rZkhowN2jm5pZjEOEy_QE7PScBO0XEbiZNUsarvBUSdKuSTvVVLHzHzs0bHMRfgKEkqZySNtZlac-oyaL3PVba1S7A_vbRcNWpYR_VrKGf2g9LHSI3EA5j3Beto4pKukU-bk6rLBGul37u4tM17U-wyJLsFmt6ZC_SEJKgmluQ'}
+    let(:tkn_set) {{'id_token': id_token, 'access_token': access_token, 'refresh_token': 'abc123xyz'}}
+
+    before do
+      api_client.set_token_set(tkn_set)
+    end
+
+    it '#token_expired? for an expired token' do
+      expect(api_client.token_expired?).to eq(true)
+    end
+
+    it '#token_expired? for a just expired token' do
+      allow(api_client).to receive(:decoded_access_token).and_return({"exp"=>Time.now.to_i})
+      expect(api_client.token_expired?).to eq(true)
+    end
+
+    it '#token_expired? for a non-expired token' do
+      allow(api_client).to receive(:decoded_access_token).and_return({"exp"=>(Time.now + 30.minutes).to_i})
+      expect(api_client.token_expired?).to eq(false)
+    end
+
+    it '#token_expired? for an almost expired token' do
+      allow(api_client).to receive(:decoded_access_token).and_return({"exp"=>(Time.now + 30.seconds).to_i})
+      expect(api_client.token_expired?).to eq(false)
+    end
+
+    it '#validate_tokens' do
+      expect(api_client.validate_tokens(tkn_set)).to eq(true)
+    end
+    it '#access_token' do
+      expect(api_client.access_token).to eq(access_token)
+    end
+    it '#decoded_access_token' do
+      expect(api_client.decoded_access_token['aud']).to eq("https://identity.xero.com/resources")
+    end
+    it '#id_token' do
+      expect(api_client.id_token).to eq(tkn_set[:id_token])
+    end
+    it '#decoded_id_token' do
+      expect(api_client.decoded_id_token['email']).to eq('chris.knight@xero.com')
+    end
+
+    it 'decoding an invalid access_token' do
+      api_client.set_access_token("#{access_token}.NotAValidJWTstring")
+      expect{api_client.decoded_access_token}.to raise_error(JSON::JWT::InvalidFormat)
+    end
+
+    it 'decoding an invalid id_token' do
+      api_client.set_id_token("#{id_token}.NotAValidJWTstring")
+      expect{api_client.decoded_id_token}.to raise_error(JSON::JWT::InvalidFormat)
+    end
+  end
+
+
+  describe 'thread safety in the XeroClient' do
+    let(:creds) {{
+      client_id: 'abc',
+      client_secret: '123',
+      redirect_uri: 'https://mydomain.com/callback',
+      scopes: 'openid profile email accounting.transactions'
+    }}
+    let(:api_client_1) {XeroRuby::ApiClient.new(credentials: creds)}
+    let(:api_client_2) {XeroRuby::ApiClient.new(credentials: creds)}
+    let(:api_client_3) {XeroRuby::ApiClient.new(credentials: creds)}
+
+    let(:tkn_set_1){{'id_token': "abc.123.1", 'access_token': "xxx.yyy.zzz.111"}}
+    let(:tkn_set_2){{'id_token': "efg.456.2", 'access_token': "xxx.yyy.zzz.222"}}
+    
+    describe 'when configuration is changed, other instantiations of the client are not affected' do
+      it 'applies to #set_access_token' do
+        expect(api_client_1.access_token).to eq(nil)
+        expect(api_client_2.access_token).to eq(nil)
+        expect(api_client_3.access_token).to eq(nil)
+
+        api_client_1.set_access_token("ACCESS_TOKEN_1")
+        expect(api_client_1.access_token).to eq("ACCESS_TOKEN_1")
+        expect(api_client_2.access_token).to eq(nil)
+        expect(api_client_3.access_token).to eq(nil)
+
+        api_client_2.set_access_token("ACCESS_TOKEN_2")
+        expect(api_client_1.access_token).to eq("ACCESS_TOKEN_1")
+        expect(api_client_2.access_token).to eq("ACCESS_TOKEN_2")
+        expect(api_client_3.access_token).to eq(nil)
+
+        api_client_3.set_access_token("ACCESS_TOKEN_3")
+        expect(api_client_1.access_token).to eq("ACCESS_TOKEN_1")
+        expect(api_client_2.access_token).to eq("ACCESS_TOKEN_2")
+        expect(api_client_3.access_token).to eq("ACCESS_TOKEN_3")
+      end
+
+      it 'applies to #set_id_token' do
+        expect(api_client_1.id_token).to eq(nil)
+        expect(api_client_2.id_token).to eq(nil)
+
+        api_client_1.set_id_token("id_token_1")
+        expect(api_client_1.id_token).to eq("id_token_1")
+        expect(api_client_2.id_token).to eq(nil)
+
+        api_client_2.set_id_token("id_token_2")
+        expect(api_client_1.id_token).to eq("id_token_1")
+        expect(api_client_2.id_token).to eq("id_token_2")
+      end
+
+      it 'applies to #set_token_set' do 
+        expect(api_client_1.token_set).to eq(nil)
+        expect(api_client_2.token_set).to eq(nil)
+
+        api_client_1.set_token_set(tkn_set_1)
+        expect(api_client_1.token_set).to eq(tkn_set_1.with_indifferent_access)
+        expect(api_client_2.token_set).to eq(nil)
+
+        api_client_2.set_token_set(tkn_set_2)
+        expect(api_client_1.token_set).to eq(tkn_set_1.with_indifferent_access)
+        expect(api_client_2.token_set).to eq(tkn_set_2.with_indifferent_access)
+      end
+      
+      it 'applies to #base_url' do
+        expect(api_client_1.config.base_url).to eq(nil)
+        expect(api_client_2.config.base_url).to eq(nil)
+
+        api_client_1.accounting_api
+        expect(api_client_1.config.base_url).to eq(api_client_1.config.accounting_url)
+        expect(api_client_2.config.base_url).to eq(nil)
+        
+        api_client_2.files_api
+        expect(api_client_1.config.base_url).to eq(api_client_1.config.accounting_url)
+        expect(api_client_2.config.base_url).to eq(api_client_1.config.files_url)
+
+        api_client_2.project_api
+        expect(api_client_1.config.base_url).to eq(api_client_1.config.accounting_url)
+        expect(api_client_2.config.base_url).to eq(api_client_1.config.project_url)
+      end
+    end
+  end
 end