OAuth 2.0 Authorization Code Grant Flow
You can use a redirection-based authorization code grant flow with OAuth 2.0. If there is no active session, users enter their credentials into one of the following login forms as part of the flow:
- A trusted NetSuite login form
- A SAML SSO identity provider's login form
- An OIDC (OpenID Connect) provider's login form
The OAuth 2.0 authorization code grant flow consists of two steps. Additionally, you can implement a refresh token request and a request to the revoke token endpoint.
With the OAuth 2.0 authorization code grant flow, the application begins the process of granting the access token and refresh token by sending a GET request to the authorization endpoint. The user, to whom the access token and refresh token are to be granted, explicitly consents to the application accessing NetSuite through RESTlets, REST web services, or SuiteAnalytics Connect.
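The two steps above (the browser GET to the authorization endpoint, then the token request) expressed as request builders, as an added example that is not NetSuite's own code: the endpoint URLs, client identifiers, redirect URI and scope value are placeholders or constructed sample values, and the `state` check shows how the client rejects a redirect it did not initiate.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoints (assumption): substitute the account's real
# authorization and token endpoints.
AUTHORIZE_URL = "https://PLACEHOLDER-AUTHORIZATION-ENDPOINT/authorize"
TOKEN_URL = "https://PLACEHOLDER-TOKEN-ENDPOINT/token"


def build_authorization_request(client_id, redirect_uri, scope, state=None):
    """Step 1 (RFC 6749 section 4.1.1): the URL the application opens in the
    browser. `state` is an unguessable per-session value kept server-side."""
    state = state or secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state


def parse_callback(redirect_url, expected_state):
    """RFC 6749 section 4.1.2: extract the code from the redirect. A missing
    or mismatched `state` means the response was not triggered by this
    session, so it is rejected; an error response is never treated as a code."""
    query = parse_qs(urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback discarded")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    return query["code"][0]


def build_token_request(client_id, client_secret, code=None,
                        refresh_token=None, redirect_uri=None):
    """Step 2 (RFC 6749 section 4.1.3) or a later refresh (section 6): the
    POST to the token endpoint, with the client authenticated via HTTP Basic."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    if refresh_token is not None:
        body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    else:
        # redirect_uri must match the value sent in step 1 exactly
        body = {"grant_type": "authorization_code", "code": code,
                "redirect_uri": redirect_uri}
    return TOKEN_URL, headers, urlencode(body)
```

The returned URL, headers and form body are what an HTTP client would send; the authorization response only arrives via the browser redirect, which is why the application must be able to open one.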
The Administrator must create an integration record for each application. See Create Integration Records for Applications to Use OAuth 2.0. The underlying application must have the ability to open a browser.
For more information, see RFC 6749.