通过OAuth访问NetSuite RESTlet [英] Reach a NetSuite RESTlet via OAuth
问题描述
目标是能够使用OAuth-header而不是来自我的Java应用程序的NLAuth-header来调用RESTlet。为了实现它,我采取了以下步骤:
The goal is to be able to call RESTlets using OAuth-header instead of NLAuth-header from my Java-application. In order to achieve it I took the following steps:
-
我创建了NetSuite开发者社区帐户并获得了具有管理员权限的测试环境(domain system.na1.netsuite.com)。
I created NetSuite Developer Community Account and got a testing environment with admin access (domain system.na1.netsuite.com).
我打开了设置 - >公司 - >启用功能。然后打开SuiteCloud选项卡并在此处选中Client SuiteScript,Server SuiteScript和基于令牌的身份验证。
I opened Setup --> Company --> Enable Features. Then opened the "SuiteCloud"-tab and checked the "Client SuiteScript", "Server SuiteScript" and "Token-Based Authentication" here.
我打开了其中一个角色的编辑页面(这里称为08:检查)。在权限选项卡上,我打开了安装选项卡,并为此角色添加了以下权限:访问令牌管理,使用访问令牌登录和用户访问令牌。
I opened the edit-page of one of the roles (it is called "08: Inspection" here). On the "Permissions"-tab I opened the "Setup"-tab and added the following permissions to this role: "Access Token Management", "Log in using Access Tokens" and "User Access Tokens".
我编辑了我的帐户以获得该角色:在编辑用户时打开访问 - 选项卡,在角色选项卡上添加了该角色(08:检查) 。
I edited my account to have that role: opened "Access"-tab while editing the user and on the"Roles"-tab I added that role ("08: Inspection").
我打开了设置 - >集成 - >管理集成 - >新建并在此处创建了新应用程序(TestIntegr)。最后一页有两个字符串:Consumer Key和Consumer Secret。我将它们保存在单独的文件中。
I opened Setup --> Integration --> Manage Integrations --> New and created new application here ("TestIntegr"). The final page held two strings: Consumer Key and Consumer Secret. I saved them in my separate file.
我打开设置 - >用户/角色 - >访问令牌 - >新建并为我创建新令牌应用+用户+角色。最后一页有两个字符串:Token ID和Token Secret。我将它们保存在我的单独文件中。
I opened Setup --> Users/Roles --> Access Tokens --> New and created new token for my application+user+role. The final page held two strings: Token ID and Token Secret. I saved them in my separate file.
我使用我的测试程序生成授权标题字符串,然后在rest-client中使用此字符串(我使用了Insomnia) )到达我的虚拟沙发。得到了INVALID_LOGIN_ATTEMPT-error。
I used my test program to generate authorization header string and then used this string in rest-client (I used "Insomnia") to reach my dummy-restlet. Got "INVALID_LOGIN_ATTEMPT"-error.
在NetSuite审计日志中,我可以代表我的用户看到失败但没有角色。
In NetSuite audit-logs I can see failures on behalf of my user but without a role.
第7步的更多技术信息,下面是示例。
我用来访问虚拟重定位的URL是 https://rest.na1.netsuite.com/app/site/hosting/restlet.nl?script=546&deploy=1
The URL I used to reach my dummy-restlet was https://rest.na1.netsuite.com/app/site/hosting/restlet.nl?script=546&deploy=1
所以我生成了签名字符串(步骤5中的consumer_key和步骤6中的token):
So I generated the "signature string" ("consumer_key" from step 5 and "token" from step 6):
GET&https%3A%2F%2Frest.na1.netsuite.com%2Fapp%2Fsite%2Fhosting%2Frestlet.nl&deploy%3D1%26oauth_consumer_key%3D17840f699409f5031c22a6e4af15961e9627c168cd0ae71f9c14f71b4097a0b6%26oauth_nonce%3D1444927941574%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1444927941%26oauth_token%3Df3c29a8b2c7988e00947d8c5836ef0ff1883556d96b8beac5bbbdda001ba0292%26realm%3DTSTDRV1403065%26script%3D546
然后我使用此字符串和consumer_secret& token_secret生成签名。然后标题具有以下外观:
Then I generated "signature" using this string and "consumer_secret&token_secret". The header then had the following look:
OAuth oauth_signature="7doRJOJyV36Av4e4BBUgoOPn7Vk%3D", oauth_nonce="1444927941574", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="17840f699409f5031c22a6e4af15961e9627c168cd0ae71f9c14f71b4097a0b6", oauth_token="f3c29a8b2c7988e00947d8c5836ef0ff1883556d96b8beac5bbbdda001ba0292", oauth_timestamp="1444927941", realm="TSTDRV1403065"
然后我在我的rest-client中使用了这个头,得到了INVALID_LOGIN_ATTEMPT - 错误(而NLAuth头与这个rest-client,这个用户和这个虚拟restlet完美配合)。
Then I used this header with my rest-client and got the "INVALID_LOGIN_ATTEMPT"-error (while NLAuth header works perfectly with this rest-client, this user and this dummy-restlet).
我使用此在线工具检查了我的签名算法: http://nouncer.com /oauth/authentication.html 它使用相同的标记/时间戳/ nonce / etc显示相同的结果。我想在设置NetSuite环境(用户/角色/其他)时我错过了一些东西。另一方面,NetSuite HelpCenter说:当OAuth标头中的随机数,消费者密钥,令牌或签名无效时,将返回INVALID_LOGIN_ATTEMPT错误。
I checked my signature-algorithm with this online-tool: http://nouncer.com/oauth/authentication.html It shows the same results with the same tokens/timestamp/nonce/etc. I suppose I missed something during setting up NetSuite environment (user/role/something else). On the other side the NetSuite HelpCenter says: "An INVALID_LOGIN_ATTEMPT error is returned when the nonce, consumer key, token, or signature in the OAuth header is invalid".
请告诉我有什么问题。
推荐答案
这些步骤似乎是正确的,因为您可以获得消费者和用户密钥。
The steps seems to be correct as you are able to get consumer and user keys.
可能的错误可能出在你的java代码中。我能够使用Java代码从RESTLet获得成功的响应。我使用 Scribe-Java 作为OAuth 1a客户端库。
The probable error could be in your java code. I was able to get a successful response from a RESTLet using Java code. I used Scribe-Java as OAuth 1a client library.
以下是我的主要方法
OAuthConfig authConfig = new OAuthConfig("CONSUMER_KEY", "CONSUMER_SECRET", null, SignatureType.Header, null, null);
Token token = new Token("TOKEN_ID", "TOKEN_SECRET");
OAuth10aServiceImpl auth10aServiceImpl = new OAuth10aServiceImpl(new NetSuiteApi(), authConfig);
OAuthRequest request = new OAuthRequest(Verb.GET, "RESTLET_URL");
request.setRealm("NS_ACCOUNT_ID");
auth10aServiceImpl.signRequest(token, request);
Response response = request.send();
您还需要编写NetSuiteApi类,因为Scribe需要它。只是,一个框架开销
you will also need to write NetSuiteApi class, as it is required by Scribe. Just, a framework overhead
import org.scribe.builder.api.DefaultApi10a;
import org.scribe.model.Token;
public class NetSuiteApi extends DefaultApi10a {
@Override
public String getAccessTokenEndpoint() {
// TODO Auto-generated method stub
return null;
}
@Override
public String getAuthorizationUrl(Token arg0) {
// TODO Auto-generated method stub
return null;
}
@Override
public String getRequestTokenEndpoint() {
// TODO Auto-generated method stub
return null;
}
}
另外,请确保用户或者用户有权在其部署中执行RESTlet。
Also, make sure that the user or user's has access to execute the RESTlet in its deployment.
这篇关于通过OAuth访问NetSuite RESTlet的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
