Before I go down a rabbit hole, can `N/https` and ...
# suitescript
e
Before I go down a rabbit hole, can
N/https
and
N/crypto
be used to create a basic auth header without using a guid but using the username/pass stored in API Secrets? I don't see how to retrieve the password to add it to
credentials
in
<http://https.post|https.post>
c
as in a Bearer token auth header?
e
No, just basic auth.
Basic base64encodedString
c
oh, you mean like you said in your message "basic auth" 😄 I was being a bit hopeful, since I'm in the place of wanting to use API Secrets to store an API token for Bearer auth and just saw your message pop up as I was about to dive into my own rabbit hole.... here's hoping!
b
there arent many functional differences between guids and secrets
secrets are just more convenient to create since you dont need to create your own fields
doing base 64 encoding requires the use of a https.SecureString
which will encode the entire string, you cant make it not encode the
Basic
part of the authorization header
closest ive found is to do the encoding of the username and password before storing in netsuite
e
So can load the token/guid using
createSecret
and using that for secureString?
Guess I can try
Copy code
var username_credential = GLOBALS.Constants.credentials.username;
            var password_credential = GLOBALS.Constants.credentials.token;
            var credentials = [username_credential, password_credential];
            var secureString1 = https.createSecureString({
                input: '{' + username_credential + '}'
            });
            secureString1.appendString({
                input: ':',
                encoding: https.Encoding.UTF_8
            });
            var secureString2 = https.createSecureString({
                input: '{' + password_credential + '}'
            });
            secureString1.appendSecureString({
                secureString: secureString2
            });
            secureString1.convertEncoding({
                toEncoding: https.Encoding.BASE_64
            });
            var headers = {};
            headers['authorization'] = secureString1; //getCredentialHeader4();
            log.debug('POSTING RECORD', JSON.stringify(recordObject));
            // send data
            try {
                var restResponse = <http://https.post|https.post>({
                    headers: headers,
                    credentials: credentials,
                    body: JSON.stringify(recordObject),
                    url: endpoint
                });
            } catch (e) {
                log.error('ERROR POSTING RECORD', e);
                return null;
            }
This works, so maybe I'm on the right path
b
it probably works as in you wont get an error
but you arent going to be able to stick the string "Basic " in front of your header
e
Got it
The checkbox
Allow all domains
seems busted on the secrets page, I keep getting an error of INVALID_DOMAIN no matter what I do there.
b
probably need to share more, i can say that i can allow a secret for all domains
e
Copy code
/**
 * @NApiVersion 2.1
 * @NScriptType Suitelet
 */
define(['N/https', 'N/crypto'],
    /**
     * @param{https} https
     */
    (https, crypto) => {
        const onRequest = (scriptContext) => {
            let output = '';
            if (scriptContext.request.method === 'GET') {
                let secret = 'custsecretac7e387eb41c4699a9dc55ec35d78ea6';
                const secretKey = https.createSecretKey({
                    secret: secret
                });
                let post_url = '<https://webhook.site/baa3e55c-9a5b-4790-9c5b-3eb7f2bebf99>';
                const username_credential = secret.replace('custsecret', '');
                const password_credential = secretKey.secret;
                const credentials = [username_credential, password_credential];
                let secureString1 = https.createSecureString({
                    input: '{' + username_credential + '}'
                });
                secureString1.appendString({
                    input: ':',
                    encoding: https.Encoding.UTF_8
                });
                const secureString2 = https.createSecureString({
                    input: '{' + password_credential + '}'
                });
                secureString1.appendSecureString({
                    secureString: secureString2
                });
                secureString1.convertEncoding({
                    toEncoding: https.Encoding.BASE_64
                });
                const headers = {};
                headers['authorization'] = secureString1;

                const postdata = {
                    'other': 'placeholder information'
                };
                output += 'postdata = ' + JSON.stringify(postdata, null, 3); //output postdata in suitelet

                // send data
                try {
                    var response = <http://https.post|https.post>({
                        headers: headers,
                        credentials: credentials,
                        body: postdata,
                        url: post_url
                    });
                    output += '\n\nresponse = ' + response.body; //output response									
                } catch (e) {
                    log.error('ERROR', e);
                    scriptContext.response.write(`Error: ${e.message}`);
                    return;
                }
            }
            scriptContext.response.write(output);
        }
        return {onRequest}
    });
b
huh
you have some weird stuff going on in there
e
with secureString NS replaces the guid with the password, so I figured I would take a shot in the dark and try it lol
b
Copy code
let secret = 'custsecretac7e387eb41c4699a9dc55ec35d78ea6';
                const secretKey = https.createSecretKey({
                    secret: secret
                });
const username_credential = secret.replace('custsecret', '');
what is going on here?
e
the secret id is the username for the auth
it actually is that guid
could have been custsecretMyUsername, but that's the correct username
b
the restrict to domain is required for guids from credential fields
and your username_credential will be interpreted as a guid since it doesnt begin with custsecret
its also really weird to put your guid's id in your secret key's id
e
that guid in the secretid is not related to the secret itself. It was a place to store the username
I guess the username could be in the name
b
there are so many weird things
we shall start with the guid
are you sure the domain for the guid is set correctly
specifically the guid with id ac7e387eb41c4699a9dc55ec35d78ea6
e
I'm posting to https://webhook.site, which is like httpbin
b
thats normal
but your credential field's restrictions need to be setup correctly
e
I won't be using a credential field, it'll be a custom module
this is only for testing, hence why it looks so, weird
b
code you shared is for a guid
specifically
Copy code
const username_credential = secret.replace('custsecret', '');
e
I don't understand. The username and password that are supplied for the basic auth are guids, generated outside of NS. I was hoping to avoid hardcoding the username. (And reinventing the wheel.) Appreciate the feedback, I'll just encode the username and pass and store that. (As you mentioned hours ago.) This was a failed attempt at having to be involved in the updating of username/passes. Cheers @battk
b
ac7e387eb41c4699a9dc55ec35d78ea6 is a guid (hopefully generated from a credential field)
the credential field that you create needs the domains defined
e
It's the username provided to connect to the middleware
Yeah, I'm aware of that, I've successfully worked with secure strings
I understand the flow/setup for fields
Just habven't worked with secrets. All good
b
secrets are used the same way as credential guids
e
I see where this was a "um , what" for you
I'm sure I can encode the username:pass and store that and use a secret that way. Is that correct?
b
yes
e
I should learn to read 😉
b
if you really wanted to, you can make a username field and a password, have the user fill in those fields, then script the encoding of the username and password
you can then set that value in your credential field
e
Got it. I understand
Thanks again, appreciate it