Issues with TBA Authorization Flow

I’m trying to implement the first step (from https://netsuite.custhelp.com/app/answers/detail/a_id/87395 in SuiteAnswers) and I keep getting the response of:

{"error" : {"code" : "USER_ERROR", "message" : "Invalid login attempt."}}

I’ve tried it from within Node JS, a Suitelet (EDIT: current implementation) and manually crafting the response with Postman.

Everything has been url encoded, where required.

Signature Details

Base String: "POST&https%3A%2F%2F<account_id>-sb1.restlets.api.netsuite.com%2Frest%2Frequesttoken&oauth_callback%3D<callback_url>%26oauth_consumer_key%3D<consumer_key>%26oauth_nonce%3DWdaFfY%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1571831042%26oauth_version%3D1.0"

Key: "<consumer_secret>"

Authorization Header

OAuth realm="<account_id>_SB1", oauth_callback="<callback_url>", oauth_consumer_key="<consumer_key>", oauth_nonce="WdaFfY", oauth_signature="<signature>", oauth_signature_method="HMAC-SHA256", oauth_timestamp="1571831042", oauth_version="1.0"

Any thoughts on what I’ve potentially gotten wrong?

Beginner Asked on October 23, 2019 in SuiteScript.
Add Comment
2 Answer(s)

I would suggest logging in to your Sandbox account and follow the steps I entered on this similar question. It may lead you to where you are having issues:

Beginner Answered on October 23, 2019.

Thanks for that, getting InvalidSignature currently. I’ve saved the search and I’ll reference it as I keep at it.

on October 23, 2019.
Add Comment

Hey Daryl, use the oauth-1.0a module in Node.JS to help you format your header.  You can take a look at some sample code here (though there’s a lot of other stuff this file is doing too, so you’ll have to peak around):  https://github.com/MichaelEPope/nsrestlet/blob/master/nsrestlet.js

Also, just a note, this will be pretty hard to do in Node.JS because of Step 2 requiring a redirect URL.  This is the only way you can get the information you need to proceed.  This means you’ll need to run a web server somewhere to receive the callbacks and get the token info if I’m reading the steps correctly (and then that data will have to be forwarded to Node).  It won’t be completely solvable without a web server.

Best of luck with it all in any case 🙂

-Michael Pope

Rookie Answered on October 23, 2019.

Sorry I should have mentioned, my current implementation is in a Suitelet.

on October 23, 2019.

Using this https://github.com/mark-keaton/oauth-netsuite for handling the oauth stuff.

on October 23, 2019.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.
  • This site made possible by our sponsors:   Tipalti   Celigo   Limebox   Become a Sponsor