NetSuite as OIDC Provider for Integration Application Developers

The NetSuite as OIDC Provider feature is based on the OAuth 2.0 authentication method.

NetSuite as OIDC Provider access is based on the OAuth 2.0 authorization code grant flow for generation of access tokens, refresh tokens, and ID tokens. The authorization code grant flow does not require signing of requests.

The OAuth 2.0 authorization code grant flow consists of two steps. Additionally, you can implement a refresh token request and a request to the logout endpoint.

  • Step One GET Request to the Authorization Endpoint
  • Step Two POST Request to the Token Endpoint
  • Refresh Token POST Request to the Token Endpoint
  • Request to the Logout Endpoint

With the OAuth 2.0 authorization code grant flow, the application begins the process of granting the access token, refresh token, and ID token by sending a GET request to the authorization endpoint. The user, to whom the access token, refresh token, and ID token are to be granted, explicitly consents to the application accessing NetSuite.

Step One GET Request to the Authorization Endpoint

In the first step of the OAuth 2.0 authorization code grant flow, the application sends a GET request to the authorization endpoint. This request must include the required parameters in the request header.

The format of the URL is: https://<accountID>.app.netsuite.com/app/login/oauth2/authorize.nl

where <accountID> represents your NetSuite account ID. If you do not know the specific account ID, requests can be sent to

https://system.netsuite.com/app/login/oauth2/authorize.nl

See the following table for details about parameters for the GET request.

Request Parameters for Step One

  • response_type : The value of the response_type parameter is always code.
  • client_id : Identifies the client. The value of the client ID is provided when the integration record is created.
  • redirect_uri : The application uses the valid redirect URI to handle the authorization code. The value of the redirect URI parameter must match the redirect URI in the corresponding integration record.
  • scope: The scope for which the application is requesting access. Values are restlets, rest_webservices, suite_analytics, or all of them. If the application requests access to more than one scope, separate the values with a space.
  • state: The length of the state parameter must be between 24 and 1024 characters. Valid characters are all printable ASCII characters.

After you supply all these values, the GET request shows the complete authorization URL. Copy it and open it in a new browser window; an access request page appears.

Click "Allow".

Application not authorized: if the user does not grant access, the redirect contains an error parameter instead of the authorization code.

Step Two POST Request to the Token Endpoint

The application sends a POST request to the token endpoint. The request must include client credentials in the HTTP authorization request header and the required parameters in the request body. At the end of this step, the access token and refresh token are granted.

The format of the URL is: https://<accountID>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token

where <accountID> is your NetSuite account ID.

Request Parameters for Step Two

  • code : The code parameter value obtained in Step One. (When you open the URL from Step One in a new tab, the URL you are redirected to contains a code part; copy that part and paste it as the value of code.)
  • redirect_uri : The value of the redirect_uri parameter must match the value entered in the corresponding integration record and the value in the request in Step One.
  • grant_type : The value of the grant_type parameter in Step Two is authorization_code.

In the Authorization tab, select Basic Auth and enter the client ID as the username and the client secret as the password.

Send the request.

The response contains the "access token", "refresh token", "expires_in", and "token_type".

To use this access token to call a RESTlet script in NetSuite from Postman, copy the script URL into the GET request and supply the parameters the script needs.

In the Authorization sub-tab, select Bearer Token and enter the access token you received in the Token field. Send the request.
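The two steps above, plus the RESTlet call, as an added Python example (not code from the original article or from NetSuite): it builds the Step One URL with a random state, checks that state on the redirect before accepting the code, builds the Step Two token request with Basic auth, and attaches the access token as a Bearer token. The account ID, client ID, client secret, redirect URI and RESTlet URL are placeholders you pass in; only exchange_code touches the network.

```python
import base64
import json
import secrets
import string
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen


def make_state(length=32):
    """Random, unguessable state (24-1024 printable ASCII chars, per NetSuite's rule)."""
    if not 24 <= length <= 1024:
        raise ValueError("state must be 24 to 1024 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_authorize_url(account_id, client_id, redirect_uri, scopes, state):
    """Step One: the GET URL the user opens in the browser to grant access."""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": " ".join(scopes), "state": state}  # several scopes are space separated
    return f"https://{account_id}.app.netsuite.com/app/login/oauth2/authorize.nl?{urlencode(params)}"


def parse_callback(redirected_url, expected_state):
    """Pull the code out of the redirect; refuse a state mismatch or an error redirect."""
    q = parse_qs(urlparse(redirected_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "error" in q:  # the 'Application not authorized' case
        raise RuntimeError(f"authorization failed: {q['error'][0]}")
    return q["code"][0]


def build_token_request(account_id, client_id, client_secret, code, redirect_uri):
    """Step Two: POST with Basic auth (client_id:client_secret) and a form-encoded body."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"code": code, "redirect_uri": redirect_uri,
                      "grant_type": "authorization_code"}).encode()
    url = f"https://{account_id}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token"
    return Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {creds}", "Content-Type": "application/x-www-form-urlencoded"})


def restlet_request(script_url, access_token):
    """Call a RESTlet with the granted access token sent as a Bearer token."""
    return Request(script_url, headers={"Authorization": f"Bearer {access_token}"})


def exchange_code(token_request):
    """Network call (not run offline): returns access_token, refresh_token, expires_in, token_type."""
    with urlopen(token_request) as resp:
        return json.load(resp)
```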

Refresh Token POST Request to the Token Endpoint and Request to the Logout Endpoint: these are covered in the separate article "Refresh Token POST Request to the Token Endpoint and Request to the Logout Endpoint" in the Jobin & Jismi IT Services Knowledge Base (jobinandjismi.in).
