OAuth 2.0 Authorization Code Grant Flow

You can use a redirection-based authorization code grant flow with OAuth 2.0. If there is no active session, users enter their credentials into one of the following login forms as part of the flow.

The OAuth 2.0 authorization code grant flow consists of two steps. Additionally, you can implement a refresh token request and a request to the logout endpoint.

With the OAuth 2.0 authorization code grant flow, the application begins the process of granting the access token, refresh token, and ID token by sending a GET request to the authorization endpoint. The user, to whom the access token, refresh token, and ID token are to be granted, explicitly consents to the application accessing NetSuite.

An administrator must create integration records for each application. See Create Integration Records for Applications that Use NetSuite as OIDC Provider for Outbound Single Sign-on. The underlying application must have the ability to open a browser.

For more information, see RFC 6749.
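
The following added example (not NetSuite's own code) shows the first step described above, the GET request to the authorization endpoint, together with validation of the redirect that comes back, using the parameters defined in RFC 6749 sections 4.1.1 and 4.1.2. The endpoint URL, client ID, redirect URI, and scope value are placeholder assumptions; take the real values from your integration record.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions, not NetSuite's real endpoint or client data).
AUTHORIZATION_ENDPOINT = "https://idp.example.invalid/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.invalid/callback"


class CallbackError(Exception):
    """Raised when the redirect back to the application must be rejected."""


def build_authorization_request(scope="openid"):
    """Return (url, state) for the GET request to the authorization endpoint."""
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    params = {
        "response_type": "code",  # RFC 6749 section 4.1.1
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect and return the authorization code."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise CallbackError("callback does not match the registered redirect URI")
    query = parse_qs(parts.query)
    # Check state before anything else so a forged redirect is rejected outright.
    returned = query.get("state", [""])
    if len(returned) != 1 or not hmac.compare_digest(
        returned[0].encode(), expected_state.encode()
    ):
        raise CallbackError("state mismatch: response is not tied to this session")
    if "error" in query:  # RFC 6749 section 4.1.2.1
        raise CallbackError(f"authorization failed: {query['error'][0]}")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise CallbackError("expected exactly one authorization code")
    return codes[0]
```

The returned code is what the application exchanges for tokens in the second step; keep the `state` value server-side and discard it after one use.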

Related Topics

NetSuite as OIDC Provider
NetSuite as OIDC Provider Tasks for Administrators
NetSuite as OIDC Provider for Integration Application Developers
Troubleshooting NetSuite as OIDC Provider
