# suitescript
n
Hey folks, I can see some of you have managed to get oAuth 2.0 working in integrations, but has anyone managed to do the whole oAuth 2.0 flow and different steps with Postman? Just asking to see if it's even possible or if I'm just wasting time 🙂
b
i dont think anyone has said how their oauth 2.0 has gone
but postman has support for the oauth 2.0 flow
important things to note are to ignore the wrong url in the Step 2: POST Request to the Token Endpoint
its missing the top level domain
use a https url for the callback, postman will intercept whatever value you use
the state parameter is mandatory
n
@battk will try again tomorrow but the issue I had in the quick test I did was when doing the initial call (the GET) I get the login page (as the docs state you will if you don’t have a session, which I don’t in Postman or an external application) but not sure I get the flow at that particular part, how should I properly pass that? Basic auth? Feels weird if basic auth is the solution 🧐
b
the oauth 2.0 flow is designed to prompt a user to allow access to your integration
that user needs to login (or already be logged in)
n
@battk cool, I should read up a bit on it, thanks a lot.
@battk I've tried a bunch of stuff and Googled but can't seem to get past the first step, the login, have you?
b
yes, you can tell me what values you filled in for the fields of the Get New Access Token and Ill see if I can see anything
m
@Nikola Gavric @battk Am also having hard time to get the postman do a basic Restapi connection, what should be the values that get into the New access token, i tried and get to login page of netsuite. When i give my credentials it says invalid login attempt. Can one of you share a working example to get it worked.
b
same offer to you. you can tell me what values you filled in for the fields of the Get New Access Token and Ill see if I can see anything
m
@battk: Below is the details i used.
Grant Type: Authorization code
Call back url: https://myapp.redirect
Auth url: https://<<Accountid>>-sb1.app.netsuite.com/app/login/oauth2/authorize.nl
Access Token URL: http://<<AccountID>>-sb1.suitetalk.api.netsuite/services/rest/auth/oauth2/v1/token
Client ID: USER Credentials
Client secret: USER Credentials
Scope: restlets
State: 24
Client Authorization: Send as Basic Auth
b
state doesnt look like its meets the length requirement
m
Where to get that, and what is the expected value
b
you probably want to read the beginning of the thread as well, your access token url is wrong
m
Changes to https now, and i still can't get the token
b
once again share the details
m
POST https://<<Accountid>>-sb1.suitetalk.api.netsuite/services/rest/auth/oauth2/v1/token
Error: getaddrinfo ENOTFOUND <<Accountid>>-sb1.suitetalk.api.netsuite <<Accountid>>-sb1.suitetalk.api.netsuite:443
Warning: This request did not get sent completely and might not have all the required system headers
Request Headers
Content-Type: application/x-www-form-urlencoded
Authorization: Basic OTIyZTcyNjIwZTgwYWU5MmE2ZWRjOTU1MzRmODY5MmY3N2ZlZDVhMWYwYzlhMDdiZTZjOTNiY2UyYTY3YzRmMTo2ZDYwMWFlMjkwNmI1NDNjNmFhM2U2Y2FlNmJlOTQ1NzRiMDYyNmI2ZWRjZjU4MDYxMjI0NmExYTQzMDNkZDA5
User-Agent: PostmanRuntime/7.24.1
Accept: */*
Cache-Control: no-cache
Postman-Token: 5b8acbdb-6f32-4ef0-b35b-c5827c5beaef
Host: <<Accountid>>-sb1.suitetalk.api.netsuite
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Request Body
grant_type: "authorization_code"
code: "0cc2dbd99dedab311770115c353a8e0157996c3762567b59c5664d67694edc32"
redirect_uri: "https://myapp/redirect"
client_id: "922e72620e80ae92a6edc95534f8692f77fed5a1f0c9a07be6c93bce2a72c4f1"
Thats the error am getting on the postman console
b
ENOTFOUND still means your url is wrong
still missing the top level domain
m
Where?
b
access token url
m
What is missing here in the accesstoken url
b
lookup what a top level domain is
n
@battk here's my data that I send:
Grant Type: Client Credentials
Access Token URL: https://xxxxxx.app.netsuite.com/app/login/oauth2/authorize.nl?response_type=code&redirect_uri=https://www.getpostman.com/oauth2/callback&state=n1k2l3n213jln123lj1n23kl31232
Client ID: xxxxxxxxxx
Client Secret: xxxxxxxxxx
Scope: restlets
Client Authentication: Tried both
b
are you using postman's built in support for oauth 2
n
@battk as in Auth tab -> Type?
If that's what you mean it's set to oAuth 2 yes
In the console I get a HTML page back and I can find the text
The request could not be understood by the server due to malformed syntax
in there
b
look for the button named Get New Access Token
its where you select the auth type
n
Yep the form I get from that button is where the data I posted above is from
b
remove all the stuff in the access token url
it should be similar to what @margo had above
n
Tried, still the same error
Error: Could not complete OAuth 2.0 token request: The request could not be understood by the server due to malformed syntax
b
as mentioned before, state is mandatory
pretty much every single parameter in the Get New Access Token dialog is mandatory
n
Ah sorry was confused because you said remove the params, will put it back, one sec
b
not in the url
n
There's no field for it as far as I can see?
b
what are you setting?
n
This
message has been deleted
b
wrong grant type
its authorization code
n
Damn it.. thanks, I get the login prompt now, but I get Invalid login attempt. when trying to login in the prompt, or actually I logged in, got the 2FA and then when writing that in I got invalid login, but not sure it's due to a config error now probably something else I'm effing up
b
for me, the invalid login was because i didnt put in a proper state
m
How to get the state value
n
Am I wrong in thinking it can be literally any string as long as it's longer than the minimum and shorter than the maximum?
Like you can make it up yourself?
b
visible ascii is there documentation for it
in a real implementation, you probably want to generate a uuid or at least use alphanumeric
for this one time thing, just assign some 24 character value
when i first did it, i just copied netsuite's example
n
ah I think I might know the problem wait
m
Am able to get the login attempt page, and then it throws me the error
@battk: What is the top level domain am doing wrong.
n
I had previously played around and change the callback URI to something other than the Postman one, now I got a step further, got to login to NS in Postman and also grant access to the application, but then after that step again got
The request could not be understood by the server due to malformed syntax.
b
i believe you are both at the second step
which netsuite documents with a wrong url
m
What is the right url ?
n
You mean this one is wrong?
https://<accountID>.suitetalk.api.netsuite/services/rest/auth/oauth2/v1/token
b
for @margo top level domain
n
https://<accountID>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token
Then yeah?
Success!
@battk thank you so much for spending time on helping us 🙂.. really appreciate it!
@margo in the example they missed the .com after Netsuite, you need to add it
b
tell me how it works out for you after the refresh token expires in 7 days
n
@battk will do, found this script that I might try to implement: https://medium.com/@allen.helton/how-to-automate-oauth2-token-renewal-in-postman-864420d381a0 You see any reason straight up this wouldn't work?
b
that looks like refreshing the access token, which is a normal part of oauth 2
the refresh token is what is used to get a new access token, and netsuite's implementation has it expiring in 7 days
m
@Nikola Gavric @battk Moved forward now getting different error
Could not complete OAuth 2.0 token request: {"\n\n\n\n\n\n\n\n<!-- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -->\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<html>\n<head>\n\t<title>Page Not Found</title>\n\t<style type":"\"text/css\">\n\t<!--\n\tbody, p, td {\n\t font-family: Arial, Verdana, Helvetica, sans-serif;\n\t font-size: 12px;\n\t}\n\t.headline {\n\t font-size: 19px;\n\t font-weight: bold;\n\t}\n\t-->\n\t</style>\n\t</head>\n<body>\n<div class=\"headline\">Page Not Found</div>\n<br>
The redirect uri looks to be problem, what should it be used
n
@margo set it to: https://www.getpostman.com/oauth2/callback Both in Postman and in the integration record in NS
b
you can use the real value you plan on using if you want
postman will intercept it regardless, you could use https://www.google.com/ if you wanted
n
@battk if I understand this correctly one needs to do a POST to the token endpoint to refresh it? or am I still mixing up the refresh token with the access token? If I'm not, wouldn't it be possible to write a pre-request script that checks a env var that you save an expiration date (today+7 days) in and if that's passed you do a call to the refresh endpoint?
b
access token is used for authorization header, it expires in an hour
refresh token is used to get a new access token, it expires in 7 days
n
I need to read up on the process/flow obviously 🙂 does the help explain the refresh token in a good way or would you suggest just a general read up on oAuth 2.0?
b
dont use netsuite as a source for oauth 2 documentation
n
I'll read up on it, thanks a lot again! I'll get back to you in 7 days when shit hits the fan haha 🙂
m
Thank You! Guys I was finally able to get it to work 🙂
n
@margo nice 🙂 battk is a hero
m
Agree @battk the Saviour
b
anyways, tell me how it goes in 7 days after your refresh token expires
n
Will do @battk
b
I am now extra interested in hearing what you think of Netsuite's implementation of OAuth 2 now that your refresh tokens expired.
n
Just tried it and what I think is probably the same as you 😂.. has anyone from NS commented this issue @battk ?
b
they know exactly how it works, they document the error you receive after the refresh token expires and what you have to do afterwards. Why they thought this is usable is beyond me
n
@battk 😕
m
@Nikola Gavric @battk: Did netsuite change any thing on the auth url , as i get the below error
The request could not be understood by the server due to malformed syntax.
b
still the same, share your Get New Access Token dialog in case you forgot something
m
Call back url: https://www.getpostman.com/oauth2/callback
Auth url: https://<<account_id>>.app.netsuite.com/app/login/oauth2/authorize.nl
Access Token URL: https://<<account_id>>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token
scope: restlests
state: ykv2XLx1BpT5Q0F3MRPHb94j
It is access the username and password and then when i click allow access to Netsuite data, it throws the error above
@battk any idea
b
grant type, client id, client secret, client authentication?
m
Grant Type: Authorization code
Client Authentication: Send as Basic Auth header
Client id and client secret is same as integration record client id and secret
@battk: i doubt is it problem with access token url
b
you spelled restlets wrong
m
@battk same, error on after its correct. Can this be because we enabled OAuth2.0 in production, as this problem is with sandbox and production is working correctly
e
Hello all, I am new to this NetSuite Professionals Slack workspace. I have read through all of the previous responses above to people having issues with getting OAuth 2.0 to work. I am also having trouble. The error I am seeing in the Postman console is "scope_mismatch". The JSON response also says the generic:
{
    "error": {
        "code": "INVALID_LOGIN_ATTEMPT",
        "message": "Invalid login attempt."
    }
}
Please disregard my last message. I was able to get this to work.
Notes:
1. Enable OAuth 2.0
2. In the integration record - check the correct "scope"; in my case it was Restlets. 🙂
3. On the role associated to the Access Token, add the permission of "Log in using OAuth 2.0 Access Tokens" under setup.
4. In postman, the "header prefix" of Bearer is okay. (I could not find any documentation on this field)
5. State is mandatory. Seems any 24 character value will suffice.
6. Good luck!
b
Remember to test it out after 7 days