Getting the Authentication String
Depending on the flow that you are using, do one of the following:
-
Authorization Code Grant flow– The OAuth 2.0 authorization code grant flow consists of two steps, an additional refresh token request, and a request to the revoke token endpoint. For more information about how you can get the access token, see OAuth 2.0 Authorization Code Grant Flow.
-
Client Credentials flow – You need to generate an authentication string by sending a request to the token endpoint. If the request is valid, the token endpoint returns the authentication string. For more information, see OAuth 2.0 Client Credentials Flow.
You can get an authentication token using a Python request. See the following example:
#! /usr/bin/env python3 import requests import logging from pathlib import Path import datetime import jwt # PyJWT GRANT_TYPE = "client_credentials" CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer' CLIENT_ID = "<CLIENT_ID>" TOKEN_ENDPOINT_URL = "https://<COMPID>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token" CONNECT_ENDPOINT_URL = "https://<COMPID>.connect.api.netsuite.com/services/rest/auth/oauth2/v1/token" CERTIFICATE_ID = "<CERTIFICATE_ID_GENERATED_WHEN_UPLOADED_TO_NS>" CERTIFICATE_KEY_FILE = Path("certificates/key.pem") SCOPES = ['SuiteAnalytics'] def main(): now = datetime.datetime.now() payload = { 'iss': CLIENT_ID, 'scope': SCOPES, 'aud': CONNECT_ENDPOINT_URL, 'iat': now.timestamp(), 'exp': now + datetime.timedelta(hours=1), } private_key = CERTIFICATE_KEY_FILE.read_bytes() jwt_assertion = jwt.encode(payload, private_key, algorithm="PS256", headers={'kid': CERTIFICATE_ID}) data = { 'grant_type': GRANT_TYPE, 'client_assertion_type': CLIENT_ASSERTION_TYPE, 'client_assertion': jwt_assertion, } resp = requests.post(TOKEN_ENDPOINT_URL, data=data) data = resp.json() logging.debug("Received '%s'[%d]: %s", TOKEN_ENDPOINT_URL, resp.status_code, resp.raw) assert data["access_token"] if __name__ == '__main__': main()
After the command has returned the authentication string, take note of it.
After you generated the authentication string, add the OAuth2Token
attribute in your driver configuration, and include the authentication string as the value of the new attribute. For more information, see Setting the OAuth2Token Attribute.