This site was built to compliment the existing NetSuite Professionals Slack Community by adding a means for members to easily find answers to common questions and to create a searchable database of those questions and answers.

NetSuite Professionals

Is OAuth 2.0 supposed to be the better way to connect/authenticate with NS versus OAuth 1.0 by virtue of the fact that it is "version 2.0"?

<@U97T0ER26> Eh kinda. Oauth 2.0 is designed to be a bit more secure and simpler for the end user, but in my experience nets out to be more complicated for developers and creates huge headaches for automated testing. I personally prefer Oauth 1.0 but inevitably I'm sure it will be deprecated first. I have no plans to migrate unless forced

Hi <@UAE7BF7TK> What kind of issues that you ran into? Is renewing refresh token a pain? It looks like you have to review it every 7 days.  I am implementing with oAuth 2.0 and does seems it is a bit painful. I would love to learn more about some of the issues you ran into.

Renewing refresh tokens is for authorization code grant. You need to use client credentials so that all you need is to get an access token and not have to renew your refresh token.

<@U03UX5FM4TE> Oauth 2.0 is annoying for these two reasons:
• It is a UI-based auth flow, so it's difficult (sometimes not even possible) to introduce automated testing for
• Refresh tokens and access tokens change over time by design. This is annoying b/c it's entirely possible that you refresh your token pair, the network request succeeds, but something else fails leaving you with no valid credentials
These are not NetSuite specific complaints, just issues in general with Oauth 2.0

I am going to also look at the Certification Rotation method  to see if that's any better and if it could be automated.
<@UAE7BF7TK> In the scenario 2 - if if fails is it only way to get tokens are to ReAuth using UI?

<@U97T0ER26> I know this is an old thread but can you elaborate on that? I'm stuck on a project with an integration where they are telling me that the bearer token is expiring every 7 days which is causing issues keeping it authenticated with 2.0. This is machine to machine and they don't store certs so haven't been able to go that route with them. Does gaining the access code still require user authentication?

<@U4N1L4AKE> I use client credentials flow for OAuth 2.0 which involves uploading a client certificate in NS and then using the private part of that certificate to generate the JWT to get an Access Token vs the code grant flow. But yes in answer to your question the bearer token does expire and you need a new token to gain access.

<@U97T0ER26> Thanks, appreciate the response. I did the client certificate upload and used the private key to generate the JWT but like I said, unfortunately, they won't store certs so I'm back at square one with them. They don't support OAuth 1.0 either. Pulling out my hair. lol