1. Commerce
  2. Commerce Developer Documentation
  3. Commerce Patches and Upgrades
  4. SCA Patches
  5. Patch Instructions
  6. Token-Based Authentication Updates for Developer Tools

Token-Based Authentication Updates for Developer Tools

All versions of the developer tools, including the extension, theme, and SuiteCommerce Advanced (SCA) developer tools, must be updated to continue to support an ongoing secure implementation of token-based authentication. The updates described in these patch instructions are needed to remove the NLAuth authorization header from token-based authentication flows. Support for the the NLAuth authorization header ends with the release of SuiteCommerce/SuiteCommerce Advanced 2022.2.1.

Important:

If you have not applied the patch described in Enable Token-Based Authentication, you must do so before continuing with the updates described in these patch instructions.

Follow the steps in these procedures to update the developer tools for your SCA implementation:

Modify the net.js File for Gulp Deployments

The modifications to the net.js file are different depending on the version of SCA you have implemented. Be sure to follow the patch instructions appropriate for your version of SCA.

net.js Modifications for SCA Kilimanjaro and Versions Running Node.js 11 and Earlier

  1. In the SuiteCommerce Advanced source directory, open this file:

    .../gulp/ns-deploy/net.js

  2. Find this OAuth1 call:

                      var oauth1 = new OAuth1({ molecule: args.m, vm: args.vm, key: args.key, secret: args.secret });

    And replace it with this call:

                      var oauth1 = new OAuth1({
    molecule: args.m,
    vm: args.vm,
    key: args.key || process.env.CONSUMER_KEY,
    secret: args.secret || process.env.CONSUMER_SECRET,
    account: args.account
});

  3. Find the getUploader method and replace the current credentials object:

                      var credentials = {
    account: deploy.info.account,
    authID: deploy.info.authID,
    user_agent: deploy.info.user_agent || undefined,
    molecule: args.m || undefined,
    nsVersion: args.nsVersion || undefined,
    applicationId: args.applicationId || undefined,
    vm: args.vm || undefined,
    key: args.key,
    secret: args.secret
};

    With this one:

                      var credentials = {
    account: deploy.info.account,
    authID: deploy.info.authID,
    user_agent: deploy.info.user_agent || undefined,
    molecule: args.m || undefined,
    nsVersion: args.nsVersion || undefined,
    applicationId: args.applicationId || undefined,
    vm: args.vm || undefined,
    key: args.key || process.env.CONSUMER_KEY,
    secret: args.secret || process.env.CONSUMER_SECRET
}

  4. Save the modifications to the net.js file.

  5. Pass the --key --secret values on the gulp deploy command. For example:

    gulp deploy --to --key secretkeyvalue1 --secret secretkeyvalue2

    Note:

    Replace secretkeyvalue1 and secretkeyvalue2 with your secret key values.

net.js Modifications for SCA 2020.2.3 and Earlier Versions

  1. In the SuiteCommerce Advanced source directory, open this file:

    .../gulp/ns-deploy/net.js

  2. Find the following line of code:

                      var package_manager = require('../package-manager');

    And replace it with the following lines of code:

                          var package_manager = require('../package-manager');
    require('dotenv').config();
    Note:

    Step 2 only applies to SCA implementations using Node.js versions 12 and later.

  3. Find this OAuth1 call:

                      var oauth1 = new OAuth1({ molecule: args.m, vm: args.vm, key: args.key, secret: args.secret });

    And replace it with this call:

                      var oauth1 = new OAuth1({
        molecule: args.m,
        vm: args.vm,
        key: args.key || process.env.CONSUMER_KEY,
        secret: args.secret || process.env.CONSUMER_SECRET,
        account: args.account
    });

  4. Find the getUploader method and replace the current credentials object:

                          var credentials = {
        account: deploy.info.account,
        authID: deploy.info.authID,
        user_agent: deploy.info.user_agent || undefined,
        molecule: args.m || undefined,
        nsVersion: args.nsVersion || undefined,
        applicationId: args.applicationId || undefined,
        vm: args.vm || undefined,
        key: args.key,
        secret: args.secret
    };

    With this one:

                          var credentials = {
        account: deploy.info.account,
        authID: deploy.info.authID,
        user_agent: deploy.info.user_agent || undefined,
        molecule: args.m || undefined,
        nsVersion: args.nsVersion || undefined,
        applicationId: args.applicationId || undefined,
        vm: args.vm || undefined,
        key: args.key || process.env.CONSUMER_KEY,
        secret: args.secret || process.env.CONSUMER_SECRET
    }

  5. Save the modifications to the net.js file.

  6. Open a command line or terminal window and run the following command:

                      npm install dotenv@16.0.1 --save

net.js Modification for SCA 2020.2.4 and Later Versions

  1. In the SuiteCommerce Advanced source directory, open this file:

    .../gulp/ns-deploy/net.js

  2. Find the following line of code:

                      const package_manager = require('../package-manager');

    And replace it with the following lines of code:

                          const package_manager = require('../package-manager');
    require('dotenv').config();
    Note:

    Step 2 only applies to SCA implementations using Node.js versions 12 and later.

  3. Find this OAuth1 call:

                      const oauth1 = new OAuth1({ molecule: args.m, vm: args.vm, key: args.key, secret: args.secret });

    And replace it with this call:

                      const oauth1 = new OAuth1({
        molecule: args.m,
        vm: args.vm,
        key: args.key || process.env.CONSUMER_KEY,
        secret: args.secret || process.env.CONSUMER_SECRET,
        account: args.account
    });

  4. Find the getUploader method and replace the current credentials object:

                           const credentials = {
        account: deploy.info.account,
        authID: deploy.info.authID,
        user_agent: deploy.info.user_agent || undefined,
        molecule: args.m || undefined,
        nsVersion: args.nsVersion || undefined,
        applicationId: args.applicationId || undefined,
        vm: args.vm || undefined,
        key: args.key,
        secret: args.secret
    };

    With this one:

                           const credentials = {
        account: deploy.info.account,
        authID: deploy.info.authID,
        user_agent: deploy.info.user_agent || undefined,
        molecule: args.m || undefined,
        nsVersion: args.nsVersion || undefined,
        applicationId: args.applicationId || undefined,
        vm: args.vm || undefined,
        key: args.key || process.env.CONSUMER_KEY,
        secret: args.secret || process.env.CONSUMER_SECRET
    }

  5. Save the modifications to the net.js file.

  6. Open a command line or terminal window and run the following command:

                      npm install dotenv@16.0.1 --save

Create a New Integration Record

  1. In NetSuite, go to Setup > Integration > Manage Integrations > New

  2. Enter a Name for this integration record.

  3. On the Authentication tab, provide the following:

    • Check the Token-Based Authentication box to enable it.

    • Check the TBA: Authorization Flow box to enable it.

    • Enter a URL in the Callback URL field.

      The callback URL is where the token-based authentication process responds with the token values. For example: http://localhost:7777/tba

  4. Disable the Authorization Code Grant box and all other OAuth 2.0 options.

  5. Click Save.

    The confirmation page displays the Client Credentials (Consumer Key and Consumer Secret). You will need this information in the following steps.

    Warning:

    The system displays the client ID and client secret only the first time you save the integration record. Be sure to record these values to use in the following steps.

Create a New .env File

  1. At the root level of the SCA source directory, create a new .env file. The root level of the SCA source directory is where the package.json file resides.

    For example, if working with the 2019.2 release of SCA, the new .env file resides in the following directory: SC_19.2_Live/.env

    The contents of the new file should look like this:

    # .env file
CONSUMER_KEY="446765bc51e70086cf582d32f0486fc0a764354ffec6c983b94e63af331346c4"
CONSUMER_SECRET="97fda39654d2f0cf3f0f9011d97616f96a3136e2c7659b867e57a1e1bbbcc566"

  2. Replace the values for CONSUMER_KEY and CONSUMER_SECRET shown in the preceding example with the values you copied from the integration record.

  3. Save and close the .env file.

Update Theme and Extension Developer Tools

SCA versions Aconcagua and later support the theme and extension developer tools. If you are implementing one of these versions of SCA, you must replace your existing theme and extension developer tools with the updated theme and extension developer tools available with the 2022.1.1 minor release or later of the SuiteCommerce Extension Manager.

Note:

Before setting up the theme and extension developer tools, make sure you have the correct version of Node.js installed for your implementation of SuiteCommerce Advanced. For required versions, see Install Node.js.

You can download and set up the theme and extension developer tools as described in the following topics:

Generate a New Token for Authentication

After completing all updates outlined in the preceding sections, the first time you fetch or deploy using the SCA, extension, or theme developer tools, you will need to generate a new token. For more information, see Generate Tokens for Authentication.

General Notices