When things go wrong like this, it's very hard to debug in Postman. I would suggest that you use oauth.tools instead. The idea is somewhat similar. First, go to that web site and create a new environment:

You can give it a nice name, like xero, if you want. Fill in the Authorization Endpoint with https://login.xero.com/identity/connect/authorize and the Token Endpoint with https://identity.xero.com/connect/token.
On the Client tab, click + New client. Then, enter the Client ID of the app found in the Xero dev portal. Set the secret as well and toggle on Code Flow:

Close that modal, and then do one very important thing in the Xero dev portal: for the Xero app, make sure the redirect URI is set to https://oauth.tools/callback/code. The authorization server only redirects to a URI that has been registered for the client, so if this value is missing or differs (a different path, scheme, or a trailing slash), the authorization request is rejected before you ever see a login screen:
Then, in OAuth.tools, create a new flow and select Code Flow:

In the environment dropdown, make sure the one you created is selected:

In the Client ID combobox, pick the one you created in the environment. In the scope listbox, type offline_access and hit enter to add it, then type openid and hit enter. offline_access is what gets you a refresh token, and openid is what gets you an ID token. Click the Run button:
Log in at Xero. At this point, you may get back to oauth.tools directly, or you may see the consent screen you wanted. If you don't get the consent screen, it's because Xero has persisted your delegation: you've already authorized this client, so it doesn't ask you to do it again. To force the screen, select consent from the prompt dropdown:

Then hit Run again, and Xero will always show you the consent screen.
If you want an access token, after you get back to OAuth.tools, hit Redeem Code next to step 3:

In the result pane on the right, you'll see the access token, refresh token, and ID token.
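The same exchange as plain HTTP messages, as an added Python example that is not part of the original post or of oauth.tools. It builds the authorization request that step 1 sends (with the Xero endpoints, the openid and offline_access scopes and the oauth.tools redirect URI used above, plus prompt=consent when you want to force the consent screen), checks the callback before trusting the code it carries, and assembles the token request for step 3. The client ID and secret are placeholders; HTTP Basic client authentication at the token endpoint is the RFC 6749 default and is assumed here, so confirm it against Xero's documentation. Nothing is sent over the network.

```python
"""Authorization code flow against Xero, built by hand (added example, not from the post)."""
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoints and redirect URI exactly as configured in the oauth.tools environment above.
AUTHORIZATION_ENDPOINT = "https://login.xero.com/identity/connect/authorize"
TOKEN_ENDPOINT = "https://identity.xero.com/connect/token"
REDIRECT_URI = "https://oauth.tools/callback/code"
# openid -> ID token, offline_access -> refresh token.
SCOPES = ("openid", "offline_access")


def new_state() -> str:
    """Unguessable per-request value that ties the callback to this browser session."""
    return secrets.token_urlsafe(32)


def build_authorization_request(client_id: str, state: str, force_consent: bool = False) -> str:
    """Step 1: the URL the browser is sent to. prompt=consent forces Xero to re-show consent."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,
    }
    if force_consent:
        params["prompt"] = "consent"
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"


def extract_code(callback_url: str, expected_state: str) -> str:
    """Step 2: validate the redirect before using the code.

    Rejects callbacks that did not land on the registered redirect URI, carry an
    error from the authorization server, or whose state does not match the one
    we generated (the classic CSRF / code-injection check).
    """
    parts = urlsplit(callback_url)
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if landed_on != REDIRECT_URI:
        raise ValueError(f"callback arrived at {landed_on!r}, expected {REDIRECT_URI!r}")
    query = parse_qs(parts.query)
    if "error" in query:
        description = query.get("error_description", [""])[0]
        raise RuntimeError(f"authorization failed: {query['error'][0]} {description}".strip())
    state = query.get("state", [""])[0]
    if not state or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one authorization code")
    return codes[0]


def build_token_request(client_id: str, client_secret: str, code: str):
    """Step 3 (Redeem Code): the POST to the token endpoint.

    Assumption: client_secret_basic (RFC 6749 default) is used to authenticate the
    client. redirect_uri must repeat the value from step 1 so the server can bind
    the code to the request that produced it.
    """
    credentials = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {credentials}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    })
    return TOKEN_ENDPOINT, headers, body


if __name__ == "__main__":
    # Constructed walk-through: placeholder client and a fake callback, no network calls.
    state = new_state()
    print(build_authorization_request("my-client", state, force_consent=True))
    fake_callback = f"{REDIRECT_URI}?code=XYZ&state={state}"   # constructed, not a real Xero code
    code = extract_code(fake_callback, state)
    endpoint, headers, body = build_token_request("my-client", "s3cret", code)
    print(endpoint, headers["Authorization"], body)
```

If the token response comes back without a refresh token, the first thing to check is that offline_access was actually in the scope parameter of step 1; if it comes back without an ID token, check for openid.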