hey everyone! Does anyone have experience using t...
# suitescriptm
mrrob503
09/09/2021, 11:43 AMhey everyone! Does anyone have experience using the new "API Secrets" with the N/https module? I'm trying to store Basic auth client/secret credentials in a "Secret" and then use it in a SecureString, but it doesn't seem to be that simple of course.
b
battk
09/09/2021, 11:47 AMare you on 2021.2?
m
mrrob503
09/09/2021, 1:33 PMnot yet, why?
b
battk
09/09/2021, 1:39 PM2021.2 is when the crypto module related stuff becomes good enough to implement basic authentication
battk
09/09/2021, 1:41 PMif you are doing it before, you need to do the base64 encoding of the username and password first, store that in the secret, and then you can use that to implement basic authentication
m
mrrob503
09/09/2021, 1:43 PMoooh hmm, okay, maybe the issue is that i did that in reverse. I have the UTF-8 client:password stored, and I'm using secureString.convertEncoding() to get it to Base_64. Lemme try your way instead
b
battk
09/09/2021, 1:46 PMthe problem is that the crypto stuff assumes one encoding
battk
09/09/2021, 1:47 PMwhich means you cant do a header like `Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==``
m
mrrob503
09/09/2021, 1:47 PMhmm. it's like creating a secure string from a Secret just doesn't work. I'm sending the result to a mirror server, and it comes back as just "Basic custsecret_hitc_dev_restlet_base64"
b
battk
09/09/2021, 1:47 PMthe
BasicQWxhZGRpbjpvcGVuIHNlc2FtZQ==battk
09/09/2021, 1:47 PMwhat does your code look like
m
mrrob503
09/09/2021, 1:48 PM Copy code
const basic = https.createSecureString({ input: 'Basic ' });
const cred64 = https.createSecureString({ input: 'custsecret_hitc_dev_restlet_base64' });
const auth = basic.appendSecureString({ secureString: cred64 }); // This isn't working :(b
battk
09/09/2021, 1:50 PM{custsecret_hitc_dev_restlet_base64}m
mrrob503
09/09/2021, 1:50 PMi'll try putting the whole "Basic MGFmO...." string into one Secret
mrrob503
09/09/2021, 1:50 PMoooh, really?
b
battk
09/09/2021, 1:50 PM Copy code
The string to convert to a https.SecureString.
The following patterns are accepted:
\{[a-fA-F0-9]{32}\} or alternatively { + <32 hexadecimal characters forming a UUID/GUID> + }
\{custsecret[a-zA-Z0-9_]{1,89}\} or alternatively { + custsecret + <1 up to 89 alfanumeric characters or underscores > + }
specific payment-plugin tokensm
mrrob503
09/09/2021, 1:51 PMapparently i need to improve my RegEx understanding lol. i thought that was just syntax
b
battk
09/09/2021, 1:51 PM\{ means a literal {
battk
09/09/2021, 1:51 PMthe backslash is the escape
m
mrrob503
09/09/2021, 1:52 PMi think that is the missing piece for me, thank you so much 🙂
b
battk
09/09/2021, 1:52 PMyou also only need 1 securestring
battk
09/09/2021, 1:53 PM{custsecret_hitc_dev_restlet_base64} acts as a template expression
battk
09/09/2021, 1:53 PMso you can just do
Basic {custsecret_hitc_dev_restlet_base64}m
mrrob503
09/09/2021, 1:55 PMoooh nice, i'll try that
4 Views