nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License

feat(providers): add NetSuite OAuth Provider #8865

Closed HeavenlyEntity closed 1 month ago

HeavenlyEntity commented 8 months ago

Add NetSuite OAuth 2.0 Provider so users can use this integration with their NetSuite Account. Documentation has been added along with PNG of logo to render on Sign In. Additionally added to issue template.

NOTE:

  • It's a good idea to open an issue first to discuss potential changes.
  • Please make sure that you are NOT opening a PR to fix a potential security vulnerability. Instead, please follow the Security guidelines to disclose the issue to us confidentially.

☕️ Reasoning

Add NetSuite OAuth provider for new and existing users looking to get started with integrating NetSuite using Auth.js! Lots of people and low documentation out there to help users create such compatibility. This will be the plug-n-play for those using NetSuite as their backend database provider / ERP System. 🎉 - Please let me know if I can make any adjustments!

🧢 Checklist

🎫 Affected issues

None ✅

📌 Resources

HeavenlyEntity commented 7 months ago

When will new providers be considered to be added? This one I do have working in a production environment. Let me know if there is anything I need to do on my side or how I can help you guys to speed up the process. 🚀

HeavenlyEntity commented 6 months ago

Hello @ThangHuuVu I see the new docs are looking great! Let me know how I can add the NetSuite doc instructions into the list of providers. Providing me with any new links to instructions on this would be great. Thank you!

HeavenlyEntity commented 3 months ago

Hello @ndom91 👋🏼! I have gone ahead and removed the token arg from the example and reformatted the documentation. Unfortunately with NetSuite they do not supply an out-of-the-box callback for us so users would have to create their own RESTlet callback utilizing N/runtime. I can provide an example if needed. Looking forward to your reply!

ndom91 commented 3 months ago

> Hello @ndom91 👋🏼! I have gone ahead and removed the token arg from the example and reformatted the documentation. Unfortunately with NetSuite they do not supply an out-of-the-box callback for us so users would have to create their own RESTlet callback utilizing N/runtime. I can provide an example if needed. Looking forward to your reply!

Yeah an example would be great then, thanks!

ndom91 commented 3 months ago

Also it seems like something got out of whack here. Maybe your source branch just needs to be updated with main, but oddly Github isn't offering the 1-click "update to 'main'" option, you'll have to do it manually

HeavenlyEntity commented 3 months ago

@ndom91 I have updated the branch and provided an example of the RESTlet that needs deployed in the NetSuite account to use as a callback. I have specified additional instructions for NetSuite users who are not familiar with the deployment process. Let me know if there are any additional adjustments needed. 🤝

ndom91 commented 3 months ago

@HeavenlyEntity hmm there's still something wrong. The changes to apps/dev/sveltekit/src/auth.ts and .github/workflows/release.yml and the .github/ISSUE_TEMPLATE/3_bug_adapter.yml shouldn't be included here, for example.

Those were updates we made and merged into main a while ago. That's why I was thinking that your source branch is just out of date, however normally GitHub offers a 1-click update source branch button which isn't the case here atm

socket-security[bot] commented 3 months ago

👍 No dependency changes detected in pull request

HeavenlyEntity commented 3 months ago

@ndom91 Branch is fixed and up-to-date! ⬆️

ndom91 commented 3 months ago

Sorry, shouldn't have approved it so quickly, there are a few bigger things we need to clean up..

Also would you mind if I push a commit to your branch myself? Just cleaning up some of the text copy / wording?

HeavenlyEntity commented 3 months ago

> Sorry, shouldn't have approved it so quickly, there are a few bigger things we need to clean up..
>
> Also would you mind if I push a commit to your branch myself? Just cleaning up some of the text copy / wording?

That is fine @ndom91 😊. I would encourage you to reach out if you have any questions regarding NetSuite. I can address those over email. So we're not clogging up the PR conversation 😂.

Looking at your review comments I will take a look at those later this evening 🦾. Thank you for the feedback.

HeavenlyEntity commented 3 months ago

@ndom91 Is there a specific profile schema model that needs followed? I'd like to return the default runtime of the current user as the default making it even easier for people to integrate.

```js
// ...
profile(profile) {
  // This is the default runtime.getCurrentUser() object returned from the RESTlet or SUITELet
  return {
    id: profile.id,
    name: profile.name,
    email: profile.email,
    location: profile.location,
    role: profile.role,
    contact: profile?.contact
  }
},
// ...
```

ndom91 commented 1 month ago

Thanks for your patience with this! It'll be available in the next releases we cut (i.e. next-auth@5.0.0-beta.18, @auth/sveltekit@1.0.2, etc.), unfortunately I can't say exactly when that'll be but my best guess is within a week or two max 🙏

mbaquerizo commented 1 month ago

@HeavenlyEntity @ndom91 thanks for adding this provider! I have been trying to add NetSuite as a custom provider to my next.js app for a couple of days before I came across this PR. I have been unsuccessful and next-auth's errors aren't providing much help.

But I wanted to ask how you determined the NetSuite documentation to follow to get this to work? I'm asking because I assumed I could go the route of NetSuite as OIDC provider, following this documentation: https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/chapter_160077062690.html

The main difference in my approach was passing in the wellKnown url, which contains the authorization, token, and even userinfo url ({issuer}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/userinfo). I'm able to get to the NetSuite login screen, grant consent, and login. But I am getting an oauth callback error that looks like the following:

```
https://next-auth.js.org/errors#oauth_callback_error invalid_request {
  message: 'invalid_request',
  stack: 'Error: invalid_request\n' +
    '    at oAuthCallback (webpack-internal:///(rsc)/./node_modules/next-auth/core/lib/oauth/callback.js:56:23)\n' +
    '    at Object.callback (webpack-internal:///(rsc)/./node_modules/next-auth/core/routes/callback.js:18:107)\n' +
    '    at AuthHandler (webpack-internal:///(rsc)/./node_modules/next-auth/core/index.js:202:51)\n' +
    '    at async NextAuthRouteHandler (webpack-internal:///(rsc)/./node_modules/next-auth/next/index.js:50:30)\n' +
    '    at async NextAuth._args$ (webpack-internal:///(rsc)/./node_modules/next-auth/next/index.js:85:24)\n' +
    '    at async /Users/matthewbaquerizo/Projects/Arch Painting/vendor-portal-2/node_modules/next/dist/compiled/next-server/app-route.runtime.dev.js:6:62499',
  name: 'Error'
}
```

Am I mistaken in my understanding of the purpose of the NetSuite as OIDC Provider approach, and should I be using your approach instead? As far as I can tell it seems like you are passing the authorization and token urls/params explicitly and using a custom RESTlet as the userinfo url. For the authorization params, scope is set to 'restlets rest_webservices', which also differs from the documentation that I followed which only lists 'openid' and 'email' as supported scopes.

For reference here is my custom provider:

```js
{
  id: 'netsuite',
  name: 'NetSuite',
  clientId: process.env.NS_CLIENT_ID,
  clientSecret: process.env.NS_CLIENT_SECRET,
  type: 'oauth',
  wellKnown:
    `https://${process.env.NS_ACCOUNT_ID}.suitetalk.api.netsuite.com/.well-known/openid-configuration`,
  authorization: { params: { scope: 'openid email' } }, // by default only one of these is used, so I added params explicitly here
  profile(profile) {
    // I haven't gotten far enough to see what profile looks like yet
    return profile;
  },
},
```

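
A pre-flight check for the wellKnown approach in the comment above, useful for telling a configuration mismatch apart from a library problem. This is an added example, not code from the PR or from next-auth; the issuer, endpoints and discovery document are constructed placeholders rather than NetSuite's real response, and the field names are the standard OIDC discovery metadata keys.

```javascript
// Added example; every URL and document below is constructed sample data.
const SUFFIX = "/.well-known/openid-configuration";
const ENDPOINTS = ["authorization_endpoint", "token_endpoint", "userinfo_endpoint"];

// Returns a list of problems; an empty list means the discovery document is
// consistent with the wellKnown URL and the scopes the client will request.
function checkDiscovery(doc, wellKnownUrl, requestedScopes) {
  const problems = [];
  // OIDC Discovery: the issuer in the document must equal the issuer the
  // well-known URL was built from.
  const issuer = String(doc.issuer || "").replace(/\/$/, "");
  if (!wellKnownUrl.endsWith(SUFFIX)) {
    problems.push("wellKnown URL does not end in " + SUFFIX);
  } else if (issuer !== wellKnownUrl.slice(0, -SUFFIX.length)) {
    problems.push("issuer mismatch: " + doc.issuer);
  }
  // Each endpoint the flow calls must be present and served over HTTPS.
  for (const key of ENDPOINTS) {
    let url;
    try { url = new URL(doc[key]); } catch (err) {
      problems.push(key + " missing or not a URL");
      continue;
    }
    if (url.protocol !== "https:") problems.push(key + " is not https");
  }
  // When the server publishes scopes_supported, flag requested scopes that
  // are not in it.
  const advertised = doc.scopes_supported;
  for (const scope of requestedScopes.split(/\s+/).filter(Boolean)) {
    if (Array.isArray(advertised) && !advertised.includes(scope)) {
      problems.push("scope not advertised: " + scope);
    }
  }
  return problems;
}

// Constructed document for a placeholder issuer (not a real NetSuite response).
const sampleUrl = "https://acct.example.test" + SUFFIX;
const sampleDoc = {
  issuer: "https://acct.example.test",
  authorization_endpoint: "https://acct.example.test/authorize",
  token_endpoint: "https://acct.example.test/token",
  userinfo_endpoint: "https://acct.example.test/services/rest/auth/oauth2/v1/userinfo",
  scopes_supported: ["openid", "email"],
};
console.log(checkDiscovery(sampleDoc, sampleUrl, "restlets rest_webservices"));
```
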
HeavenlyEntity commented 3 weeks ago

Hi @mbaquerizo! Yeah I have not had luck with the OIDC method because NetSuite is really strict with permissions and roles. You have to set up the permissions to allow users to auth this way, which is extremely tedious. My approach utilizes OAuth 2.0 User Flow which NetSuite recommends. What is cool about this method is that the token returned from the profile method allows you to auth each restlet as the signed in user in the api routes using the getServerSession. Super cool! 🚀

HeavenlyEntity commented 3 weeks ago

> Thanks for your patience with this! It'll be available in the next releases we cut (i.e. next-auth@5.0.0-beta.18, @auth/sveltekit@1.0.2, etc.), unfortunately I can't say exactly when that'll be but my best guess is within a week or two max 🙏

@ndom91 Thank you for getting this in! I noticed the color is not right lol. Can you update that to be this color for the background #3a4f5f ➡️ #181a1b ? Then the text to #fbfbfb. Hope that can be committed directly. Thank you @ndom91! Wanna get it perfect before the release! 🚀