# suitescript
r
Hi all, I am trying to connect from a Scheduled Script in NetSuite to a GCP (Google Cloud) Bucket using a Service Account - https://cloud.google.com/iam/docs/service-account-overview
So my question is related to using OAuth 2.0 for Server to Server Applications - in this case NetSuite to Google Cloud. - Using OAuth 2.0 for Server to Server Applications - https://developers.google.com/identity/protocols/oauth2/service-account
I have managed to successfully do the Google Authentication in Postman, so getting a token and accessing the bucket in Postman, using a JSON Credentials file generated in Google API Console, adding that information to Postman, and using the following pre-request script (which automatically generates the bearer token). The pre-request script is the one found here - https://gist.github.com/dinvlad/425a072c8d23c1895e9d345b67909af0. An explanation of this method for Postman can be found at - https://medium.com/kinandcartacreated/google-authentication-with-postman-12943b63e76a
So, as I did manage to do this flow in Postman using the above information, I have tried to do the same in NetSuite. While I have managed to get to the bucket from NetSuite with a token generated from Postman, I am struggling to do the first part - getting the bearer token from a NetSuite script before I send the API call to the bucket. The pre-request script (after some adaptations) that works in Postman does not work in NetSuite server side.
So, basically, I am trying to complete the steps defined in https://developers.google.com/identity/protocols/oauth2/service-account#authorizingrequests :
After you obtain the client ID and private key from the API Console, your application needs to complete the following steps:
1. Create a JSON Web Token (JWT, pronounced, “jot”) which includes a header, a claim set, and a signature.
2. Request an access token from the Google OAuth 2.0 Authorization Server.
3. Handle the JSON response that the Authorization Server returns.
NetSuite has the following code sample, but I am struggling to make it work:
NetSuite Applications Suite - Create a JWT Token Using a Secure String - https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/article_0111025224.html#Create-a-JWT-Token-Using-a-Secure-String
Looking into this Slack archive, I have found the following related threads, but with no clear solution:
https://archive.netsuiteprofessionals.com/t/8395506/any-help-directions-to-try-and-test-will-be-really-nice-stuc#a894a393-c1bc-4c67-af44-54c85f5879d1
https://archive.netsuiteprofessionals.com/t/222932/hi-all-i-m-trying-to-connect-to-google-service-using-suitesc#1bb62732-a931-4241-a0e5-7f50a07aaf08
https://archive.netsuiteprofessionals.com/t/14154341/would-the-n-crypto-and-n-crpyto-certificate-be-able-to-perfo#3b5d19c2-1b1e-4[…]8ed-4139261f3944
Is it possible to achieve this in an NS scheduled script? Any code examples on how to do this? Thanks in advance!
c
Are you making sure to include your body / parameters when signing?
s
Sample code for creating JWT in suitescript.ts
b
you probably want to instead return `${base64header}.${base64payload}.${signature}`
you don't use any secure string related functionality, so just return a string. this will require you to use crypto.Hmac instead, but it's easier to debug
that way you can actually do a comparison of all 3 parts of the jwt to see where it's wrong
r
Thank you for your help! With that, I am getting a better understanding of the situation. What I have to authenticate with Google, is a JSON Credentials file generated in Google API Console that looks like the following example:
```
{
  "type": "service_account",
  "project_id": "...",
  "private_key_id": "....",
  "private_key": "-----BEGIN PRIVATE KEY-----\...redacted...\n-----END PRIVATE KEY-----\n",
  "client_email": "....iam.gserviceaccount.com",
  "client_id": ".....",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": ".....",
  "universe_domain": "googleapis.com"
}
```
So, with how I made it work in Postman (links to explanations in previous message) is using RS256. The example provided by NetSuite uses HS256, same as the example provided by @Shawn Talbert (thanks again!).
Just for reference, here is an explanation about the differences - RS256 vs HS256 JWT signing algorithms - Auth0 Community - https://community.auth0.com/t/rs256-vs-hs256-jwt-signing-algorithms/58609
But basically, RS256 is an asymmetric algorithm, meaning it uses a public and private key pair, which is what I have in my case. So, if I understand this part correctly, then I guess what I should be using for my case is some of the methods described in N/crypto/certificate Module - https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_1543432423.html#N%2Fcrypto%2Fcertificate-Module
Is it therefore possible to generate a valid JWT signature using any of those methods? I have seen this similar case which seems to follow the same route, but I am still trying to make it work - javascript - Creating JWT Using SuiteScript 2.x for DocuSign API Integration - Stack Overflow - https://stackoverflow.com/questions/68597628/creating-jwt-using-suitescript-2-x-for-docusign-api-integration
c
@Roc127 Here's what works for us authenticating to Google APIs from a Map/Reduce script. It's TypeScript, and you can ignore the references to `nsRequire`
@Roc127 I created a public/private key pair and uploaded the public key to a Google Cloud project service account, combined the public and private keys into a single `.pem` file which I uploaded to NetSuite as a certificate. I load that certificate via `certId` in the snippet above. I generated the certificate locally via
```
$ openssl req -x509 -nodes -newkey rsa:4096 -days 730 -keyout ./prefix_private.pem -out ./prefix_public.pem
```
Hopefully there's something of use here for you!
r
Thank you @Clay Roper! I managed to make it work with the code you shared after uploading a .p12 certificate into NetSuite (Create and delete service account keys | IAM Documentation | Google Cloud - “Note: You can create service account keys in JSON or PKCS#12 (P12)”). Thank you everyone for the help 🙂
🎉 1
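Added example, not part of the thread and not SuiteScript: the service-account steps quoted in the question, written in plain Node.js with the built-in `crypto` module, signing with RS256 and then decoding and verifying each of the three JWT parts separately so a failing part can be pinned down. The key pair, account e-mail, key id and the scope used in testing are constructed sample values; in NetSuite the private key would stay in the uploaded certificate and be used through N/crypto/certificate rather than appear in script source.

```javascript
// Added example (plain Node.js, not SuiteScript); all credential values are constructed.
const crypto = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// Constructed stand-in for the JSON credentials file, with a throwaway RSA key.
function makeSampleServiceAccount() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const credentials = {
    private_key_id: 'constructed-key-id',
    private_key: privateKey.export({ type: 'pkcs8', format: 'pem' }),
    client_email: 'sample-sa@example-project.iam.gserviceaccount.com',
    token_uri: 'https://oauth2.googleapis.com/token',
  };
  return { credentials, publicKey };
}

// Step 1: header + claim set, then an RS256 signature over "header.claims".
function buildAssertion(credentials, scope, nowSeconds) {
  const header = { alg: 'RS256', typ: 'JWT', kid: credentials.private_key_id };
  const claims = {
    iss: credentials.client_email,
    scope,
    aud: credentials.token_uri,
    iat: nowSeconds,
    exp: nowSeconds + 3600, // one hour lifetime
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), credentials.private_key);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Debug aid: decode the first two parts and verify the third against the public key.
function inspectAssertion(jwt, publicKey) {
  const [h, p, s] = jwt.split('.');
  const signed = Buffer.from(`${h}.${p}`);
  return {
    header: JSON.parse(Buffer.from(h, 'base64url').toString()),
    claims: JSON.parse(Buffer.from(p, 'base64url').toString()),
    signatureValid: crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url')),
  };
}

// Step 2: form-encoded body to POST to token_uri in exchange for an access token.
function tokenRequestBody(jwt) {
  const grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
  return new URLSearchParams({ grant_type: grantType, assertion: jwt }).toString();
}
```

A `signatureValid` of `false` with a correct header and claim set points at the signing key or the bytes being signed, which is the part-by-part comparison the thread recommends.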