2.1.2 OAuth2.0 Flow to Generate the User-Level Tokens

To generate the user-level access and refresh tokens, you must complete two steps manually. Provide the resulting values in authToken in the Oracle NetSuite Connector basic configuration for authentication.

Users who opt in for Authorization Code Grant must complete the following steps.

Open the Authorization Code Grant URL in an internet browser, or use Postman, to generate the tokens.

  1. Requesting the Authorization Code

    Note:

    The token URI for the developer environment is as follows:

    https://<host name>/services/rest/auth/oauth2/v1/token

    1. Enter the following URL in a browser as provided in the example.

      Example:

      https://<host name>/app/login/oauth2/authorize.nl?redirect_uri={callback}&response_type=code&scope=restlets+rest_webservices&state=ykv2XLx1BpT5Q0F3MRPHb94j&client_id={ConsumerKey}

      Replace {ConsumerKey} with your Consumer key / Client id and {callback} with your redirect URI. The URL above includes the signature scope required for the eSignature REST API.

      This URL opens the Oracle NetSuite authentication screen.

    2. On the login screen, enter your Oracle NetSuite account email address and password to log in and authenticate. Then click Continue to give consent for the requested scopes and allow Oracle NetSuite to access your information. The browser redirects to your redirect URI, with a long string returned in the code parameter embedded in the URL.

      Request:

      https://<host name>/app/login/oauth2/authorize.nl?redirect_uri=http://example.com&response_type=code&scope=restlets+rest_webservices&state=ykv2XLx1BpT5Q0F3MRPHb94j&client_id=7e1c238e-xxxx-xxxx-xxxx-abcea08a3171

      Response: https://example.com/?state=ykv2XLx1BpT5Q0F3MRPHb94j&role=3&entity=4622&company=TSTDRVXXXXXX&code=096835b6aced….......457b00e3c

  2. Generating Refresh Tokens Using the Code Generated in Step 1
    1. To request a refresh token, send a POST request containing your authorization code to the NetSuite authentication service.
    2. In Postman, under Authorization in the refresh token request, set the type to Basic Auth and paste the Consumer Key as the User name and the Consumer secret key as the Password.
    3. The refresh token request also contains a set of body parameters, namely grant_type and code.
      1. Add a body parameter with the key code and the value <code>.

        Note:

        <code> is the authorization code that you received from the callback in step 1.

        For example, code=096835b6aced..........457b00e3c.

      2. Similarly, add a body parameter with the key grant_type and the value authorization_code, and another body parameter with the key redirect_uri and the same value that you provided in step 1.
    4. Execute the Authorization Code Grant refresh token request to generate an access token and a refresh token.
      1. The response contains the elements access_token, token_type, refresh_token, and expires_in.
      2. Copy and save the value of refresh_token.

      For more information about how to get a refresh token with Auth Code Grant, see NetSuite Applications Suite.

      Examples:

      Request:

      curl --location --request POST "https://<host name>/services/rest/auth/oauth2/v1/token" \
        --header "Authorization: Basic N2UxYzIzOGU1Zj........GI3Njg3MzMzMTZm" \
        --header "Content-Type: application/x-www-form-urlencoded" \
        --data-urlencode "code=34e8dec4289........a52fe26" \
        --data-urlencode "redirect_uri=https://example.com" \
        --data-urlencode "grant_type=authorization_code"

      Response:

      { "access_token":"eyJ0eXAi......mX9f7k1g", "token_type":"Bearer", "refresh_token":"eyJ0eXAi......mruC5c3A", "expires_in":3600 }

      Table 2-1 Required element for OAuth2.0 authentication

      Element         Description
      refresh_token   A token that is used to obtain a new access token without requiring user consent. Use this token in the Authorization header of all NetSuite API calls.

      Providing Values for NetSuite Connector Basic Configuration

      After you have obtained the refresh_token value, you must provide it in authToken under NetSuite Connector basic configuration. For information about configuration, see Configuring the NetSuite Connector. For example, eyJ0eXAi......mX9f7k1g

      refresh_token value: The full refresh token value that is received from authentication.