Previously implemented the OAuth 2.0 authorization...
# suitescript
k
Previously implemented the OAuth 2.0 authorization flow for an integration, however refresh tokens expire after 7 days and you have to go through the flow again every 7 days sadly. So now I am trying to implement the TBA three step authorization flow, and I get all the way to step 3 where NetSuite just responds with an "Invalid Login Attempt" message. Anyone successfully able to implement this flow before? In this 🧵 I am posting the Postman script I am trying to run to get this working.
const consumer_key = 'foo'
const consumer_secret = 'bar'

const oauth_token = 'biz'
const oauth_token_secret = 'fizz'
const oauth_verifier = 'buzz'

const headersObject = {
    oauth_token,
    oauth_consumer_key: consumer_key,
    oauth_nonce: "123456789",
    oauth_timestamp: Math.round(Date.now() / 1000),
    oauth_signature_method: "HMAC-SHA256",
    oauth_version: "1.0",
    oauth_verifier,
}

var authString = "OAuth"
var requestString = "POST&" + encodeURIComponent("https://2721553.restlets.api.netsuite.com/rest/accesstoken") + "&"
for(var key in headersObject) {
    if (key === 'oauth_token') { // First in the list, don't want a duplicate &(%26)
        requestString += `${key}=${encodeURIComponent(headersObject[key])}`
    } else {
        requestString += `%26${key}=${encodeURIComponent(headersObject[key])}`
    }

    authString += ` ${key}="${headersObject[key]}",`
}

console.log(requestString)
var signature = CryptoJS.HmacSHA256(requestString, consumer_secret + "&" + oauth_token_secret)
var encodedSig = encodeURIComponent(CryptoJS.enc.Base64.stringify(signature))
authString += ` oauth_signature="${encodedSig}"`

pm.request.headers.add({
    key: 'Authorization',
    value: authString
})
Had a thought to use the OAuth 2.0 token to hit the IssueToken endpoint to issue a TBA token lmfao but would prefer to get the proper three step flow working
b
the usual advice is to use an OAuth 1 library like oauth-1.0a
k
My backend is written in Haskell so I'll probably just end up needing to write the requests myself 😅 Right now I'm just trying to mock them out in Postman but can't seem to get step 3 to work when I use the same method to generate the signature as step 1
I do see a package for OAuth 1.0 for Haskell tho https://hackage.haskell.org/package/hoauth
b
doesn't look good enough at first glance, it doesn't list support for hmac-sha256
k
Oof
b
you probably would want to try https://hackage.haskell.org/package/authenticate-oauth instead
k
This looks very promising thank you