UNPKG

@suiteinsider/netsuite-mcp

Version:

NetSuite MCP server with OAuth 2.0 PKCE authentication. Works seamlessly with Claude Code, Cursor IDE, and other MCP clients.

github.com/dsvantien/netsuite-mcp-server

dsvantien/netsuite-mcp-server

106 lines (89 loc) 3.41 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
import axios from 'axios'; /** * NetSuite OAuth token exchange utilities * Handles token exchange and refresh operations */ /** * Exchange authorization code for access/refresh tokens * @param {string} code - Authorization code from OAuth callback * @param {Object} config - Configuration with accountId, clientId, redirectUri * @param {string} codeVerifier - PKCE code verifier * @returns {Promise<Object>} Token response */ export async function exchangeCodeForTokens(code, config, codeVerifier) { const tokenUrl = `https://${config.accountId}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token`; // CRITICAL: For Public Client with PKCE - all params in body, NO Authorization header const params = { grant_type: 'authorization_code', code: code, redirect_uri: config.redirectUri, client_id: config.clientId, code_verifier: codeVerifier }; console.error('🔄 Exchanging authorization code for tokens...'); try { const response = await axios.post(tokenUrl, new URLSearchParams(params), { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }); const tokens = { access_token: response.data.access_token, refresh_token: response.data.refresh_token, expires_in: response.data.expires_in, expires_at: Date.now() + (response.data.expires_in * 1000), accountId: config.accountId, clientId: config.clientId }; console.error('✅ Tokens obtained successfully'); return tokens; } catch (error) { console.error('❌ Token exchange error:', error.response?.data || error.message); throw new Error(`Failed to exchange authorization code: ${error.response?.status || error.message}`); } } /** * Refresh access token using refresh token * @param {Object} tokens - Current tokens with refresh_token, accountId, clientId * @returns {Promise<Object>} New tokens */ export async function refreshAccessToken(tokens) { const { refresh_token, accountId, clientId } = tokens; const tokenUrl = `https://${accountId}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token`; // For Public Client: include client_id in body const params = { grant_type: 'refresh_token', refresh_token: refresh_token, client_id: clientId }; console.error('🔄 Refreshing access token...'); try { const response = await axios.post(tokenUrl, new URLSearchParams(params), { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }); const newTokens = { ...tokens, access_token: response.data.access_token, refresh_token: response.data.refresh_token || refresh_token, expires_in: response.data.expires_in, expires_at: Date.now() + (response.data.expires_in * 1000) }; console.error('✅ Token refreshed successfully'); return newTokens; } catch (error) { console.error('❌ Token refresh failed:', error.response?.data || error.message); throw new Error('Failed to refresh access token. Please re-authenticate.'); } } /** * Check if token needs refresh (expires in less than 5 minutes) * @param {Object} tokens - Tokens with expires_at field * @returns {boolean} */ export function shouldRefreshToken(tokens) { const timeUntilExpiry = tokens.expires_at - Date.now(); const fiveMinutes = 5 * 60 * 1000; return timeUntilExpiry < fiveMinutes; }