Is anyone familiar / got this segement of code wor...
# suitescriptj
Justin Xayarinh
03/15/2024, 8:33 PMIs anyone familiar / got this segement of code working before? Essentially we want to use the https.post function to decrypt the GUID in our POST body off a credential field on our Suitelet : https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/article_159073608341.html#Generate-Credential-Field
Justin Xayarinh
03/15/2024, 8:34 PMIt can authorize successfully to the 3rd party endpoint but it’s not replacing the GUID with the decrypted value
Justin Xayarinh
03/15/2024, 8:35 PM Copy code
let tempURL = `${this.getUrl()}${resource}?password={${body.client_secret}}`;
log.debug('BEFORE', tempURL);
if (credentials) {
tempURL = https.createSecureString({
input: `${this.getUrl()}${resource}?password={${body.client_secret}}`
});
}
body = JSON.stringify(body);
log.debug('PARAMETERSBODY', body);
log.debug('POSTCREDENTIALS', credentials);
log.debug('tempURL', tempURL)
const response = <http://https.post|https.post>({
url: tempURL,
body: body,
credentials: [body.client_secret],
headers: {
'Content-Type': 'application/json',
'Accept':'application/json',
'password': body.client_secret
}
});Justin Xayarinh
03/15/2024, 8:35 PMbody.client_secret is the GUID we get from the POST parameters of the Suitelet
b
battk
03/15/2024, 9:00 PMin general, the secrets/guids are treated as templates
battk
03/15/2024, 9:01 PMfor example, if the id of your guid is 4cc0f6c255ad4299ad538b3b4c75580a
battk
03/15/2024, 9:02 PMthen references to {4cc0f6c255ad4299ad538b3b4c75580a} will be replaced with whatever password was put inside it
battk
03/15/2024, 9:02 PMimportantly, 4cc0f6c255ad4299ad538b3b4c75580a will not be replaced
battk
03/15/2024, 9:03 PMits kinda hard to tell with the code you shared since you arent sharing the actual values
j
Justin Xayarinh
03/15/2024, 9:03 PMi see
b
battk
03/15/2024, 9:03 PMbut fair chance
Copy code
'password': body.client_secretj
Justin Xayarinh
03/15/2024, 9:03 PMso everything needs to have brackets surrounding the GUID?
b
battk
03/15/2024, 9:04 PMno, not everything, only places where you actually want them to be replaced
battk
03/15/2024, 9:04 PMfor example, you wouldnt want to do it
Copy code
credentials: [body.client_secret],j
Justin Xayarinh
03/15/2024, 9:05 PMand for my POST body would need something like this?
Copy code
let postBODY = {
client_id: "CLIENT_SCRET_VALUE",
client_secret: "{GUID_VALUE}",
code: "CODE_VALUE"
}b
battk
03/15/2024, 9:06 PMits honestly easier if you experiement with it yourself
battk
03/15/2024, 9:06 PMmake the post to an echo service like httpbin.org or postman echo
battk
03/15/2024, 9:07 PMthat way you can see what the request looks like
battk
03/15/2024, 9:07 PMif you are using guids, you probably would need a new one since thats a new url
battk
03/15/2024, 9:08 PMits a lot easier to manage secrets using Secrets Management, which actually allows edits
j
Justin Xayarinh
03/15/2024, 9:42 PMyea the issue i think is that we want to use the secret value in the POST body not in the url or headers which I think https.post will only replace in the url or headers only
b
battk
03/15/2024, 9:44 PMsecrets and guids function the same, they both can be used in the url/headers/body
battk
03/15/2024, 9:45 PMits just that secrets actually have a ui to manage them
j
Justin Xayarinh
03/15/2024, 9:46 PMso why isn’t this part of the documentation working
Justin Xayarinh
03/15/2024, 9:46 PMoptions.credentials
string[]
optional
An array of string GUIDs. These GUIDS are searched for in the options.body of the request and are replaced by the decrypted passwords before they are sent to a third-party server.
Justin Xayarinh
03/15/2024, 9:46 PMits almost like it’s not searching for the GUID in the post body and replacing it
Justin Xayarinh
03/15/2024, 9:47 PMthats my end goal
b
battk
03/15/2024, 9:49 PMi recommend starting with secrets, mostly because its harder to mess up the configuration of the secret
battk
03/15/2024, 9:50 PMguids means you need to also get the setup of the credential field correct
battk
03/15/2024, 9:50 PMi mean, you also have to do it with secrets, but there is a prettier ui with the secrets
j
Justin Xayarinh
03/15/2024, 9:52 PMyea we have a suitelet with a credential field asking for user input - then in the POST trying to use that entered secret to call a 3rd party API
Justin Xayarinh
03/15/2024, 9:52 PMcan’t use api secrets manager because the user entered secret is dynamic
b
battk
03/15/2024, 9:57 PMokay
battk
03/15/2024, 9:57 PMthen you get to learn why they implemented secrets
battk
03/15/2024, 9:57 PMwhat does the setup of your credential field look like
j
Justin Xayarinh
03/16/2024, 3:40 AM Copy code
form.addCredentialField({
id: 'password',
label: 'App Secret',
restrictToScriptIds: ['customscript_test_script'],
restrictToCurrentUser: false,
restrictToDomains: ['<http://sandbox.dev.clover.com|sandbox.dev.clover.com>', '<http://api.clover.com|api.clover.com>']
});b
battk
03/16/2024, 5:09 AMthe guid will only work on the script with idcustomscript_test_script
battk
03/16/2024, 5:09 AMand to the urls 'sandbox.dev.clover.com', 'api.clover.com'
battk
03/16/2024, 5:10 AMwhich is not really enough for educational purposes
battk
03/16/2024, 5:10 AMadd an echo service to the domain list