next-auth
feat(providers): add NetSuite OAuth Provider
Add NetSuite OAuth 2.0 Provider so users can use this integration with their NetSuite Account. Documentation has been added along with PNG of logo to render on Sign In. Additionally added to issue template.
NOTE:
- It's a good idea to open an issue first to discuss potential changes.
- Please make sure that you are NOT opening a PR to fix a potential security vulnerability. Instead, please follow the Security guidelines to disclose the issue to us confidentially.
Reasoning
Add NetSuite OAuth provider for new and existing users looking to get started with integrating NetSuite using Auth.js! Lots of people and low documentation out there to help users create such compatibility. This will be the plug-n-play for those using NetSuite as their backend database provider / ERP System. Please let me know if I can make any adjustments!
Checklist
- [x] Documentation
- [x] Tests
- [x] Ready to be merged
Affected issues
None
Resources
When will new providers be considered to be added? This one I do have working in a production environment. Let me know if there is anything I need to do on my side or how I can help you guys to speed up the process.
Hello @ThangHuuVu I see the new docs are looking great! Let me know how I can add the NetSuite doc instructions into the list of providers. Provide me with any new links to instructions on this would be great. Thank you!
Hello @ndom91! I have gone ahead and removed the token arg from the example and reformatted the documentation. Unfortunately with NetSuite they do not supply an out-of-the-box callback for us so users would have to create their own RESTlet callback utilizing `N/runtime`. I can provide an example if needed. Looking forward to your reply!
Yeah an example would be great then, thanks!
Also it seems like something got out of whack here. Maybe your source branch just needs to be updated with `main`, but oddly GitHub isn't offering the 1-click "update to 'main'" option, you'll have to do it manually
@ndom91 I have updated the branch and provided an example of the RESTlet that needs deployed in the NetSuite account to use as a callback. I have specified additional instructions for NetSuite users who are not familiar with the deployment process. Let me know if there are any additional adjustments needed.
@HeavenlyEntity hmm there's still something wrong. The changes to `apps/dev/sveltekit/src/auth.ts` and `.github/workflows/release.yml` and the `.github/ISSUE_TEMPLATE/3_bug_adapter.yml` shouldn't be included here, for example.
Those were updates we made and merged into main a while ago. That's why I was thinking that your source branch is just out of date, however normally GitHub offers a 1-click update source branch button which isn't the case here atm
@ndom91 Branch is fixed and up-to-date!
Sorry, shouldn't have approved it so quickly, there are a few bigger things we need to clean up..
Also would you mind if I push a commit to your branch myself? Just cleaning up some of the text copy / wording?
That is fine @ndom91. I would encourage you to reach out if you have any questions regarding NetSuite. I can address those over email. So we're not clogging up the PR conversation.
Looking at your review comments I will take a look at those later this evening. Thank you for the feedback.
@ndom91 Is there a specific profile schema model that needs followed? I'd like to return the default `runtime` of the current user as the default making it even easier for people to integrate.
```js
// ...
profile(profile) {
  // This is the default runtime.getCurrentUser() object returned from the RESTlet or SUITELet
  return {
    id: profile.id,
    name: profile.name,
    email: profile.email,
    location: profile.location,
    role: profile.role,
    contact: profile?.contact
  }
},
// ...
```
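An added example, not part of this PR or of the Auth.js code base: one way to write the `profile()` mapping discussed above so that only the listed fields are passed on and a malformed RESTlet response is rejected instead of becoming a user object. The function name `mapNetSuiteProfile`, the validation rules and the sample payloads are assumptions made for illustration.

```javascript
// Added example (not from the PR): allow-list mapper for the RESTlet's
// userinfo JSON. Field names come from the profile() snippet above; the
// function name and the sample payloads are assumptions.
const OPTIONAL_FIELDS = ["name", "location", "role", "contact"];

function isScalar(v) {
  return typeof v === "string" || (typeof v === "number" && Number.isFinite(v));
}

function mapNetSuiteProfile(raw) {
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
    throw new TypeError("userinfo response is not a JSON object");
  }
  // Internal ids can arrive as numbers; normalise to a non-empty string.
  if (!isScalar(raw.id) || String(raw.id).trim() === "") {
    throw new TypeError("userinfo response has no usable id");
  }
  if (typeof raw.email !== "string" || !/^[^\s@]+@[^\s@]+$/.test(raw.email)) {
    throw new TypeError("userinfo response has no usable email");
  }
  const out = { id: String(raw.id).trim(), email: raw.email };
  for (const key of OPTIONAL_FIELDS) {
    // Own, scalar values only: nested objects and inherited keys become null.
    const own = Object.prototype.hasOwnProperty.call(raw, key);
    out[key] = own && isScalar(raw[key]) ? raw[key] : null;
  }
  return out; // keys outside the allow-list are dropped
}

// Constructed payloads for illustration, not captured from a real account.
const sampleOk = {
  id: 1234, name: "Jane Doe", email: "jane@example.com",
  location: 2, role: 3, department: 7, isAdmin: true,
};
const sampleNoId = { name: "No Id", email: "x@example.com" };
const sampleNested = { id: "77", email: "a@example.com", role: { id: 3, admin: true } };
```

Inside a provider definition this would be called as `profile(profile) { return mapNetSuiteProfile(profile) }`.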
Thanks for your patience with this! It'll be available in the next releases we cut (i.e. [email protected], @auth/[email protected], etc.), unfortunately I can't say exactly when that'll be but my best guess is within a week or two max :pray:
@HeavenlyEntity @ndom91 thanks for adding this provider! I have been trying to add NetSuite as a custom provider to my next.js app for a couple of days before I came across this PR. I have been unsuccessful and next-auth's errors aren't providing much help.
But I wanted to ask how you determined the NetSuite documentation to follow to get this to work? I'm asking because I assumed I could go the route of NetSuite as OIDC provider, following this documentation: https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/chapter_160077062690.html
The main difference in my approach was passing in the `wellKnown` url, which contains the authorization, token, and even userinfo url (`{issuer}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/userinfo`). I'm able to get to the NetSuite login screen, grant consent, and login. But I am getting an oauth callback error that looks like the following:
```
https://next-auth.js.org/errors#oauth_callback_error invalid_request {
  message: 'invalid_request',
  stack: 'Error: invalid_request\n' +
    ' at oAuthCallback (webpack-internal:///(rsc)/./node_modules/next-auth/core/lib/oauth/callback.js:56:23)\n' +
    ' at Object.callback (webpack-internal:///(rsc)/./node_modules/next-auth/core/routes/callback.js:18:107)\n' +
    ' at AuthHandler (webpack-internal:///(rsc)/./node_modules/next-auth/core/index.js:202:51)\n' +
    ' at async NextAuthRouteHandler (webpack-internal:///(rsc)/./node_modules/next-auth/next/index.js:50:30)\n' +
    ' at async NextAuth._args$ (webpack-internal:///(rsc)/./node_modules/next-auth/next/index.js:85:24)\n' +
    ' at async /Users/matthewbaquerizo/Projects/Arch Painting/vendor-portal-2/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:62499',
  name: 'Error'
}
```
Am I mistaken in my understanding of the purpose of the NetSuite as OIDC Provider approach, and should I be using your approach instead? As far as I can tell it seems like you are passing the authorization and token urls/params explicitly and using a custom RESTlet as the userinfo url. For the authorization params, scope is set to 'restlets rest_webservices', which also differs from the documentation that I followed which only lists 'openid' and 'email' as supported scopes.
For reference here is my custom provider:
```js
{
  id: 'netsuite',
  name: 'NetSuite',
  clientId: process.env.NS_CLIENT_ID,
  clientSecret: process.env.NS_CLIENT_SECRET,
  type: 'oauth',
  wellKnown:
    `https://${process.env.NS_ACCOUNT_ID}.suitetalk.api.netsuite.com/.well-known/openid-configuration`,
  authorization: { params: { scope: 'openid email' } }, // by default only one of these is used, so i added params explicitly here
  profile(profile) {
    // I haven't gotten far enough to see what profile looks like yet
    return profile;
  },
},
```
Hi @mbaquerizo! Yeah I have not had luck with the OIDC method because NetSuite is really strict with permissions and roles. You have to set up the permissions to allow users to auth this way. Which is extremely tedious. My approach utilizes OAuth 2.0 User Flow which NetSuite recommends. What is cool about this method is that the token returned from the `profile` method allows you to auth each restlet as the signed in user in the `api` routes using the `getServerSession`. Super cool!
@ndom91 Thank you for getting this in! I noticed the color is not right lol. Can you update that to be this color for the background #3a4f5f -> #181a1b ? Then the text to #fbfbfb. Hope that can be committed directly. Thank you @ndom91! Wanna get it perfect before the release!