Example mixes OAuth and API logic in controllers and helpers

The current Rails example puts Xero OAuth flows and accounting API calls directly in `ApplicationController` and helpers. This makes it less idiomatic and harder to maintain. Separating OAuth into its own controller and moving API interactions into services or concerns would improve clarity and follow Rails conventions.