cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
MiguelGR
Frequent Visitor

NetSuite Custom Connector via OAuth 2.0

I'm trying to create a REST Web Services custom connector to NetSuite, using the following security settings: 

 

Identity Provider: Generic Oauth 2

Authorization URL: https://********.app.netsuite.com/app/login/oauth2/authorize.nl

Token URL: https://********.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token

Refresh URL: https://********.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token

Scope: rest_webservices

Redirect URLhttps://global.consent.azure-apim.net/redirect

 

In NetSuite's side I created the necessary Oauth 2.0 role and integration. When I try to connect it opens a browser window for me to login to my user, and it correctly authenticates. The connection works for the first 60 minutes, but then Power Automate is supposed to refresh the token by using the Refresh URL, which is answered by NetSuite with a "BadRequest" error, followed by an "AccessTokenExpired" error. This can only be solved by manually re authenticating the connection in the browser, which is of course not practical. 

 

I went through this issue with NetSuite's support but they seem to think it's a problem with Power Automate. 

 

Has anyone been able to successfully keep the authentication working for more than 60 minutes? 

19 REPLIES 19
abm
Super User III
Super User III

Hi @MiguelGR 

 

Interesting question? May I ask you why you got a process running more than 60 minutes?

 

Thanks

 



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blogPower Automate Video Tutorials
MiguelGR
Frequent Visitor

@abm The issue happens when the flow is triggered after 60 minutes have passed since the initial browser authentication. This happens because OAuth 2.0 initially gives you a token that's valid for only 60 minutes. Then the client is supposed to use the refresh URL to get a new token. And that's when Power Automate get a BadRequest error. After that the flow stops working because the initial token is expired. 

abm
Super User III
Super User III

Hi @MiguelGR 

 

My understanding is when the token expires you need to capture the error and request to the token endpoint using the refresh token it previously received, and will get back a new access token it can use to retry the original request.

 

To use the refresh token, make a POST request to the service’s token endpoint with grant_type=refresh_token, and include the refresh token as well as the client credentials.

 

The response will be a new access token, and optionally a new refresh token, just like you received when exchanging the authorization code for an access token.

 

Looks like you got a flow which using the connector and running for more than 60 minutes so that means you need to capture the error handling inside flow to get next request for the refresh token. 

 

Reference: https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/

 

Thanks

 

 



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blogPower Automate Video Tutorials
MiguelGR
Frequent Visitor

 Thank you @abm, but I believe that would only be necessary if I was handling the OAuth2 authentication myself.  But Power Automate supports OAuth2 natively, and takes care of refreshing the token from the service’s token endpoint

abm
Super User III
Super User III

Hi @MiguelGR 

 

Agreed it should have been nice if it was automatically authenticates but looks like the error you are getting says that token is expired. If you compare with standard or signed third party connector might handle that. The custom connectors  still have gaps compared to standard connectors. I have seen other posts related to standard vs custom connectors which some of the behaviours are different.

 

Alternate solution which I can think is capture the error handling in your next step and authenticate again. Is that a possibility?

 

Thanks



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blogPower Automate Video Tutorials
MiguelGR
Frequent Visitor

@abm Unfortunately handling the error in the next step and trying to authenticate again just results on the same bad request error when the flow tries to refresh the token. 

 

To clarify, the problem is not the token being expired. The problem is that NetSuite doesn't accept the flow's request to refresh the token, returning a bad request error. As a consequence the token it tries to use to authenticate is expired, but that's expected after failing to refresh it. 

abm
Super User III
Super User III

Hi @MiguelGR 

 

Thanks for the update. Could you raise this with MS Support?  Hopefully support could reveal more on this.

 

Thanks



Did I answer your question? Mark my post as a solution!

If you liked my response, please consider giving it a thumbs up


Proud to be a Flownaut!

Learn more from my blogPower Automate Video Tutorials

I have raised the issue with MS Support, and mentioned that it could be a problem affecting all Generic OAuth 2 Identities.

Any update on this?

I'm still going back and forth with support but I guess I reached the attention of a level 2 support person who is now evaluating my custom connector.

 

I don't know what they'll come back with, but maybe there's a bug in saving the refresh url on the security details page, or maybe they could come back with how to edit the Swagger2.0 Source Code. I feel like this error on refreshing the OAuth 2.0 token is either a problem that affects all generic OAuth2.0 connections, or it's a NetSuite problem. They are currently reviewing a couple HAR files from my browser console to see what the request looks like after the token expired.

Thanks for this work. Any update?

Stay safe!

jamms
New Member

do you guys have an update? we are in the same boat right now, ran into this article it was the exact problem we're facing right now. appreciate if you can share something! thanks a lot!

Nothing has been fixed as far as I know.

 

We had to use an Azure function based on Python code to generate the Tokens.  It is nearly impossible to try to create them in any repeatable way, We tried everything.  The caveats to generating the token are endless and very annoying.  The Refresh token for OAuth 2.0 would be great if it works, but for us, it still is broken.

@bcampbell13 the token generation using Azure function, did you do it using Flow/Power Automate? or that's an external thing.

If you create it in Flow/PA, would you be able to share?

 

I'm facing similar issue, and been thinking to create a scheduler script that will request for a refresh token (and save the refresh token in sharepoint file)

 

Thanks

Hi @ReaganRogers 

 

As per discussion on a different thread.

Unfortunately, I'm having an issue with the refresh token too; I have also tried to disable the MFA setting on the NetSuite account too but it still failed. 

 

I have raised a support ticket with Ms Support, their initial analysis is because the auth and refresh URLs are the same; I'm still yet to get a further response from Ms Support; once they find a resolution to this; I'll let you know.

 

In the interim, I found this article https://medium.com/@mgr/how-to-connect-to-netsuite-from-microsoft-power-automate-using-oauth-1-0-1d7... ; which I have a strong feeling this might have been written by @MiguelGR 

Thanks for the quick responses. I will also let you know if I find a solution. 

 

Reagan

Unfortunately, I don't have a write-up, but I tried the method that @MiguelGR  posted.  It was key to get me in the right direction, but I was not able to implement it the way the article said, there is just too much variability with generating tokens and failed more often then it worked.

 

In the end, I took the framework that the article laid out and built an azure function with python code (Requests-OAuthLib ) and it works very well to generate a token.

coupjames
Regular Visitor

Also experiencing the same issue.

 

@bcampbell13  would you be able to share your Python code for generating the token? I have previously tried implementing oauth1 in Azure using @MiguelGR method and others online but was never able to get it to work.

Aysan
Helper II
Helper II

I have the same issue 😞 using postman redirect URL, works on the postman, not the Azure 

https://global.consent.azure-apim.net/redirect

Helpful resources

Announcements
MPA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (2,444)