How to get Access Token using JWT in Netsuite (Oauth 2 Integration)

In this post we will learn how to connect your NetSuite to Google APIs. In order to connect Netsuite to Google drive or Excel or any Google Application you need to first authenticate your app using Oauth 2.0 server to server communication.

To have server to server communication you need to create service account in Google Cloud console

Once you have created a service account you need to generate private keys

To do that just click on the email link

Once you have created the private keys now we can start coding

We will use a third party library to generate JWT

You can visit this page to download the library https://kjur.github.io/jsrsasign/

After downloading and extracting the zip file look for this file jsrsasign-all-min.js

Now we need to make some changes to this file to make it work with Netsuite

Add these three objects at the beginning of the file

var navigator={
    appName:"Microsoft Internet Explorer"
};
var window={};

var KJUR={};

Now upload this file in Netsuite file cabinet SuiteScript folder

In order to make this library work with Suitescript 2.0 we need to define NAMD confi

Create a config.json file and paste this

{
    "paths": {
        "rsasign": "SuiteScripts/jsrsasign-all-min.js"
    },
    "shim":{
        "rsasign": {
            "exports": "KJUR"
        }
    }
}

after creating this file put it in same suitescrpt folder of file cabinet

Now use the below code to generate JWT and Access Tokens

/**
* @NApiVersion 2.x
* @NScriptType UserEventScript
* @NAmdConfig  /SuiteScripts/config.json
*/

define(['N/https','rsasign'], function (https,rsasign) {

    function afterSubmit() {
            var privateKey ="-----BEGIN PRIVATE KEY-----Your Private Key here n-----END PRIVATE KEY-----n";            
            privateKey =privateKey.replace(/n/g,' ');

            const iss = "google-netsuite-service-accoun@avid-atlas-378794.iam.gserviceaccount.com"; // service account email
            const scope = "https://www.googleapis.com/auth/prediction";
            const aud = "https://oauth2.googleapis.com/token";
            const EXPIRATION = 60 * 60 // 1 hour

            // prepare claimset

            const claimSet ={
              "iss": iss,
              "scope": scope,
              "aud": aud,
              'exp': Math.round(new Date().getTime() / 1000) + EXPIRATION,
              "iat": Math.round(new Date().getTime() / 1000)
            };

            const header = KJUR.jws.JWS.readSafeJSONString(JSON.stringify({"alg":"RS256","typ":"JWT"}));

            // generate JSON web token

            const jwt = KJUR.jws.JWS.sign(null, header, JSON.stringify(claimSet), privateKey);

            log.debug({
                          title: 'jwt',
                          details: jwt
                        });

            // send jwt to receive access token

            const body ={
                'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
                'assertion':jwt
            }

            const response = https.post({
                url: aud,
                body: JSON.stringify(body),
                headers: {'Content-Type': 'application/json'}                
            });


                        log.debug({
                         title: 'response',
                         details: response.body
                        });

            const accessToken = response.access_token;

    }

    return {
        afterSubmit: afterSubmit
        };

});

SuiteScript 2.0 code

Now deploy this code in Userevent after submit and it will generate Access tokens for you. Using that access tokens you can transfer data from Netsuite to Google APIs

When we edit and save a record this userevent script will trigger and it will give us access_token as shown in above logs

Did you find this article valuable?

Support DevAnurag - NetSuite Developer by becoming a sponsor. Any amount is appreciated!