RE: OAuth 2.0 Code or Client Grant Flow for Website showing billing information?
I am a Developer upgrading an older OAuth 1.0 TBA setup to OAuth 2.0 without the TBA.
Now I have on the Sandbox, the Client Credentials Flow working, except with the refresh token expiring every seven days, I can’t create a backend script that somehow opens a Session on NetSuite (by login into NetSuite?), redirects the URL and gets the code parameter value so I can finally generate a new refresh token. All that so a customer can view their billing information online? That seems extreme and not secure.
Is there something I am missing on the whole token refresh? How to set up the first step of the Client Credentials Flow without doing the Session login?
Or am I just using the wrong Flow, and should I go with the OAuth 2.0 Client Credentials Flow?
Some clarity on this would be greatly appreciated.
What you describe sounds more like the standard OAuth flow rather than the Client Credentials M2M flow.
Is this definitely the method you’re using:
If so, you shouldn’t need user intervention or refresh token.