Guidance for a Token broker pattern implementation

Hello and thank you in advance for any assistance

I am new to auth0, and I am currently doing the following implementation as in the following:

Actors:

  • ExpenseBot (NetSuite client)
  • Auth/Token Store
  • NetSuite Auth Endpoint

Workflow:

  1. ExpenseBot → Auth/Token Store: getAccessToken()
  2. Auth/Token Store:
    • Check cached token and its expiry time
  3a. If cached token is still valid:
    • Auth/Token Store → ExpenseBot: return cached token (still valid)
  3b. If cached token is expired:
    • Auth/Token Store → NetSuite Auth Endpoint: POST /oauth2/token (refresh token)
  4. NetSuite Auth Endpoint → Auth/Token Store:
    • returns new access_token (+ expires_in)
  5. Auth/Token Store:
    • persist new token in secure store
  6. Auth/Token Store → ExpenseBot:
    • return new auth token

To explain the case, basically we have a backend agent that processes information that later needs to be submitted into NetSuite. In the middle we want to implement Auth0 to handle the token management, as shown in the picture.

I am not exactly sure what steps I need to follow to achieve this. Currently after going through the docs I have this in mind:

  • Create web app
  • Define API
  • Possibly a user identity?
  • Create a NetSuite OAuth2 Connection + Enable Token Vault
  • Enable My Account API
  • Complement with the backend implementation for token interaction with Auth0

These are the steps that I am considering at the moment. I would like to get some guidance to succeed with the use of Auth0 best practices for this workflow.

Thanks again!
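The Auth/Token Store described in the workflow above, as an added example that is not part of the original post: a single broker that returns the cached access token while it is valid (with a safety margin), otherwise refreshes it at the token endpoint and persists the result. The token URL, client credentials, the dict-like `store` and the injectable `post`/`clock` hooks are assumptions for illustration, not NetSuite or Auth0 specifics.

```python
import json
import time
import urllib.parse
import urllib.request


def http_post_form(url, fields):
    """Default transport: POST a form-encoded body and return the parsed JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenBroker:
    """Single place that hands out the NetSuite access token for the agent.
    `store` is any dict-like secure store (assumed; a real one is encrypted at rest)."""

    def __init__(self, token_url, client_id, client_secret, store,
                 post=http_post_form, clock=time.time, skew_seconds=60):
        self.token_url, self.client_id, self.client_secret = token_url, client_id, client_secret
        self.store, self.post, self.clock, self.skew = store, post, clock, skew_seconds

    def get_access_token(self):
        cached = self.store.get("access")
        # Treat a token that expires within `skew` seconds as already expired so an
        # in-flight request never carries a token that dies mid-call (step 3a/3b).
        if cached and cached["expires_at"] - self.skew > self.clock():
            return cached["access_token"]
        return self._refresh()

    def _refresh(self):
        # Step 3b: POST /oauth2/token with the refresh token grant.
        reply = self.post(self.token_url, {
            "grant_type": "refresh_token",
            "refresh_token": self.store["refresh_token"],
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        })
        if "access_token" not in reply:
            raise RuntimeError("token refresh failed: %s" % reply.get("error", "no access_token"))
        # Steps 4-5: convert expires_in to an absolute expiry once and persist it.
        self.store["access"] = {
            "access_token": reply["access_token"],
            "expires_at": self.clock() + int(reply.get("expires_in", 0)),
        }
        # Providers that rotate refresh tokens return a new one; keep the newest.
        if reply.get("refresh_token"):
            self.store["refresh_token"] = reply["refresh_token"]
        return reply["access_token"]  # step 6
```

Injecting `post` and `clock` lets the broker be unit-tested offline without touching the real endpoint.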

Hi @victor10

Welcome to the Auth0 Community!

I have moved your post to the Dev to Dev Hub category since it is better suited here than the Get Help one. I will reply shortly with some implementation guidance regarding the matter!

Kind Regards,
Nik


Hi @nik.baleca

Awesome! Thank you for moving the post, I will keep it in mind for future occasions.

Thank you in advance for your support!

Gratefully,
Victor

Hi again @victor10

No worries, since the topic focuses more on technical implementation and general guidance, it would fall into this category. There is no issue if it is posted somewhere else, we will take care of that nonetheless.

Otherwise, let us start talking about the implementation that you mentioned.

If the ExpensesBot that you are talking about is your backend logic/agent and not an API, you would need to register it as a Machine to Machine application inside the Dashboard. Because it is a backend agent for your application, it will basically communicate on your behalf in order to accomplish certain tasks. If this would have been an API in order to complete certain tasks ordered for your application, you would register it as an API.

Regarding the Auth/Token Store, even though you have explained what you wish this to accomplish, I am not quite sure what exactly you are looking to accomplish. If you are going to integrate Auth0 into your application, it will take care of the token management, provisioning and exchange on your behalf. The settings related to the expiration and lifetime are easily accessible within the Dashboard and such information is also forwarded inside the tokens, even for Machine to Machine applications.
Do you wish to store these credentials separately inside your application or to store them in a separate store by any chance? If so, you will be able to read this information once Auth0 has issued the tokens and store them accordingly for further use.
Also, if you wish for your backend to handle authentication on behalf of your users, that is also possible with the appropriate flow.

What do you exactly mean by NetSuite Auth Endpoint? Is this an external IdP which you wish to integrate with Auth0? If so, this is possible by creating an enterprise connection and your users will be able to authenticate against it and have the proper tokens returned + having an Auth0 identity created.

Basically, you would need the following things:

  • Register your application within Auth0 (Either SPA or Regular Web App)
  • Register your application's API
  • Register your application’s backend as a Machine to Machine Application if applicable and select your API and the necessary scopes to complete its tasks. You will be able to access and store the token information if necessary once the transaction is completed.
  • Create a user store specific to the application (you can also use the default one, but it is recommended to create a separate database)
  • Enable the token vault as you have mentioned to secure the NetSuite tokens
  • My Account API is currently in limited early access; you should be able to configure everything without it for the time being if it is not available for your tenant.
  • If you are looking to integrate NetSuite as a connection for your users, you would need to configure Auth0’s public key or certificate on NetSuite’s end.

Let me know if there is anything else I have missed regarding the matter or if I can help with anything else/any other questions.

Kind Regards,
Nik