https://netsuiteprofessionals.com logo
Join Slack
Powered by
I'm doing a proof of concept for the `The Three-St...
# sdf
d
I'm doing a proof of concept for the 
The Three-Step TBA Authorization Flow
... using node
b
i can guide you along if you want
pick your favored server, express is the gold standard
pick a http client, request is the old deprecated standard
using request will make a proof of concept easy since it has built in support for oauth
its probably not the best choice for production use since its deprecated
if you still choose to use it, i recommend request-promise instead since its promise interface is easier to replace
if you choose one of the many request alternatives like node-fetch, you will probably need to use oauth-1.0a to generate your oauth header for you
first step is to pick your packages and put them together to make an endpoint that makes a post to the requesttoken endpoint
d
Hey @battk, so I walk through NetSuite's code examples .... until I was able to reproduce the 
oauth_signature
.... then I swapped in my own values ... nothing!
b
i heavily recommend not implementing the crypto yourself
its much harder than using a package that does it for you
your primary choices are using request (which uses oauth-sign) or using oauth-1.0a
d
Man, I'd pay $$$ just to get past this
I've done everthing to NetSuite specs .. 
{"error" : {"code" : "USER_ERROR", "message" : "Invalid login attempt."}}
b
its really not worth the effort to implement the crypto yourself
stop trying to do so and use request's built in support: https://www.npmjs.com/package/request#oauth-signing
you won't get the role support (you would need to use oauth1.0a instead and do funny stuff with headers) but its much easier than debugging crypto stuff
d
I tried .. worse!
b
what parameters did you use
d
Tried this!
Untitled
b
missing realm and probably the signature_method
d
those aren't options I can pass in
b
request uses https://www.npmjs.com/package/oauth-sign for oauth support
you can look at the tests for better examples: https://github.com/request/request/blob/master/tests/test-oauth.js
d
@battk, no offense, but I feel you're just sending me google search results
b
ive done this before, and i know request supports most of your use case
its why i know you won't be able to get the role to easily work
d
Why all the link references then? You can't show your work?
I made 
role
optional
b
i wont share code written for someone else
d
Fine ... I do the googling on my own then, thanks anyway
b
you may find better error messages in the login audit trail
d
I'll open a support ticket. I've done everything NetSuite has asked of me
b
whats your current request parameters look like?
d
Its a POST with no body ... just an 
Authorization
header
b
are you still trying to do the crypto yourself, or are you using request's oauth support
d
You' re killing me
b
i can help you get request to work, but i prefer not to debug someone's crypto code
d
My guess @battk is this flow isn't ready for production. I suspect you're not really implemented it either. I struggle through and provide this channel with a working example
@battk, can you at least tell us if you had to set the BODY of the 'post' request?
b
ive already told you the parameters you needed to add, signature_method and realm
if you added those parameters and still are having problems, you probably want to double check that the values you are using are valid
d
yes, those are in there. I think I've got everything sorted out ... still failing though. I'm wondering if its because I'm not sending a BODY in the post
b
post body should be empty
d
Maybe I messed up the Intergration Record
b
potentially, but the main things to get wrong there are the callback
which hopefully is a localhost something
the tba authorization flow checkbox, which i dont think you could have missed if you set the callback url
d
Right, that's set
The other odd thing with this Step1 is, you don't use the token-secret
b
you wouldnt have it
d
I know
b
the entire point of the tba flow is to get it
d
Yes ... but its the reason I'm doing teh crypto myself ... those other libraries expect the token_secret
I tried performing Step1 using PostMan with no luck either
b
what are your current args for request? I dont need the consumer_key and consumer_secret
j
@darrenhillconsulting hi! I stumbled upon this thread and looks like you’re having the same problem I’m having now - I’m able to generate the correct signture but I’m still getting an invalid login attempt - were you able to figure this out?
I think this was years ago so trying anything at this point to get this working!
@darrenhillconsulting - nvm i figured it out! thx
👌 1
2 Views
Open in Slack
PreviousNext
Powered by