Is NetSuite's OAuth2 implementation not appropriat...
# suitescriptd
darrenhillconsulting
04/01/2022, 2:17 AMIs NetSuite's OAuth2 implementation not appropriate for app-2-app authentication? I mean, the refresh token expires after 7days. Is there no way to refresh the refresh token? All other OAuth2 implementations I've dealt with give you a new refresh token when you update your access token.
b
battk
04/01/2022, 2:31 AMbattk
04/01/2022, 2:32 AMexpect to work harder for this one, it uses a draft extension to oauth 2, so its harder to find support in existing libraries
e
ExtendApps Inc.
04/01/2022, 11:07 AMGreat, I'll have a look @battk
d
darrenhillconsulting
04/01/2022, 1:29 PMWow, that is brutal
darrenhillconsulting
04/01/2022, 1:29 PMI'm completely in awe at why NetSuite would implement OAuth 2 this way.
b
battk
04/01/2022, 1:31 PMmy guess is that they did not want to downgrade from the security offered by tba
d
darrenhillconsulting
04/01/2022, 2:08 PMIt feels like the best alternative is the 3-Step TBA Auth flow
darrenhillconsulting
04/01/2022, 2:08 PMSeems OAuth 2.0 Client Creds Flow is a shit show
darrenhillconsulting
04/01/2022, 2:09 PMThe solution I come up with needs to be distributable ... and it sounds like OAuth 2.0 Client Creds is unique each time. Did I read that right?
b
battk
04/01/2022, 2:13 PMits going to be harder to use, there is a manual upload step for the ssl certificate
battk
04/01/2022, 2:13 PMbut you would not need to distribute the client secret
d
darrenhillconsulting
04/01/2022, 2:14 PMThis'll be used in a SuiteApp ... so is that SSL cert upload step one-time? Or each time the SuiteApp is installed? (I can't figure that out).
b
battk
04/01/2022, 2:14 PMeach account would need its own ssl certificate
battk
04/01/2022, 2:15 PMtheoretically you can share, but thats not sane securitywise
2 Views