Can you UNRevoke a OAuth 2.0 Client Credentials se...
# suitescriptd
darrenhillconsulting
11/29/2023, 12:30 AMCan you UNRevoke a OAuth 2.0 Client Credentials setup?
darrenhillconsulting
11/29/2023, 12:30 AMWe have a client that had some rouge employee revoke an integration
darrenhillconsulting
11/29/2023, 12:33 AMIts part of a SuiteApp, and the integration record is distributed in it
e
Eric B
11/29/2023, 12:44 AMYes you can revoke the certificate
d
darrenhillconsulting
11/29/2023, 12:45 AM@Eric B, I'm trying to UNrevoke
a
Anthony OConnor
11/29/2023, 1:09 AMI don't think so you just have to issue new ones
e
Eric B
11/29/2023, 1:18 AMOnce a certificate is revoked it cannot be used again. You will need to upload a new certificate and send the new key to them to use for the JWT.
👍 1
d
darrenhillconsulting
11/29/2023, 2:04 AMOh geez, really? So, this would affect all the other customers ? Since I have to regenerate a new set of keys?
darrenhillconsulting
11/29/2023, 2:11 AMI mean, the integration server's private key would need to be updated ... and so would everyone else's public key. Have I got that right?
b
battk
11/29/2023, 4:44 AMyou can use the same private key to generate a certificate
d
darrenhillconsulting
11/29/2023, 3:44 PMOh? This I didn't know. So, the other customers would not be affected?
b
battk
11/29/2023, 4:35 PMyou still need a new certificiate/public key
battk
11/29/2023, 4:36 PMbut the private key used by your server can remain the same
d
darrenhillconsulting
11/29/2023, 5:04 PMWell, I can't get this to work. When I run
openssl pkey -in ./private.pem -pubout -out ./public.pemdarrenhillconsulting
11/29/2023, 5:05 PMWhen I try and use the new public.key, NetSuite says
Copy code
*OAuth 2.0 Client Credentials Error*
Unable to parse provided x509 certificate.darrenhillconsulting
11/29/2023, 5:35 PMI think this is above my pay grade.
b
battk
11/29/2023, 5:37 PMyou use opsenssl req without -newkey and instead use -key
d
darrenhillconsulting
11/29/2023, 5:45 PMLemme give er a go
darrenhillconsulting
11/29/2023, 5:51 PMOk, that works'ish. Now the issue is the client will get a NEW Certificate ID (which will be different from everyone elses). So, I'm in the same boat. The integration server can retain its private key, the need to update its CertID to get an NS AccessToken.
b
battk
11/29/2023, 5:52 PMagain, you still need a new certificate for netsuite
d
darrenhillconsulting
11/29/2023, 5:53 PMSo, I'm understanding. What I'm working towards is ..
darrenhillconsulting
11/29/2023, 5:54 PMLet's say I have an install base of 10 netsuite accounts with my SuiteApp. I have a node server that is going to talk to these accounts via ClientCreds. I generate my cert/keys. I retain the private key and distribute the public keys. At this point, I can connect to all 10 netsuite accounts.
darrenhillconsulting
11/29/2023, 5:55 PMNow, I have 1 customer who accidentally revokes , and now loses connectivity. I'm trying to figure out a way to help that customer regain access, without affecting the other 9
darrenhillconsulting
11/29/2023, 5:56 PMShould I assume (support) the fact that each install could have a unique CertID?
b
battk
11/29/2023, 5:56 PMyes
d
darrenhillconsulting
11/29/2023, 5:57 PMCool. So each NetSuite install, I'll store the NS AccountID AND the generated CertID.
darrenhillconsulting
11/29/2023, 6:04 PM@battk, thanks for stepping in. Always appreciated.
8 Views