Skip to content
Migrating from NextAuth.js v4? Read our migration guide.
Getting Started


To be released in next-auth@5.0.0-beta.18



Callback URL

NetSuite does not support http:// callback URLs. When testing locally, you can use a service like ngrok to get a local https URL.

Environment Variables



Before setting up the provider, you will need to ensure the following is setup.

  • Create an Integration Record
    • Uncheck the TBA Auth Flow checkbox.
    • Check OAuth 2.0 Auth Flow checkbox.
    • Copy and paste the Callback URL below into the Redirect URI field.
    • Then select the scope(s) you want to use.
      • REST Web Services (rest_webservices) - Access to REST Web Services.
      • RESTlets(restlets) - Access to RESTLets.
      • SuiteAnalytics Connect (suiteanalytics_connect) - Access to SuiteAnalytics Connect.
    • Add any policies you want to use.
      • Application Logo (Optional) (Shown to users when they are asked to grant access to your application). - Consent Screen
      • Application Terms of Use (Optional) - A PDF file that contains the terms of use for your application. - Consent Screen
      • Application Privacy Policy (Optional) - A PDF file that contains the privacy policy for your application. - Consent Screen
    • OAuth 2.0 Consent Policy Preference - This setting determines whether the user is asked to grant access to your application every time they sign in or only the first time they sign in or never.
    • Save the Integration record.
    • The Integration record will be used to generate the clientId and clientSecret for the provider. Save the generated values for later

Userinfo RESTLet Handler

To use this provider, you’ll need to create a userinfo RESTlet in your NetSuite instance. Our userinfo URL needs to be a suitelet or RESTLet URL that gives us the information about the user. The best bet is to use the N/runtime module to get the basics first. - Here is an example of a RESTlet below. Be sure to deploy and enable access to “All Roles”.

Be sure to deploy and use the external RESTLet url of any usage of the URIs.

 * @NApiVersion 2.1
 * @NScriptType Restlet
 (runtime) => {
 * Defines the function that is executed when a GET request is sent to a RESTlet.
 * @param {Object} requestParams - Parameters from HTTP request URL; parameters passed as an Object (for all supported
 *     content types)
 * @returns {string | Object} HTTP response body; returns a string when request Content-Type is 'text/plain'; returns an
 *     Object when request Content-Type is 'application/json' or 'application/xml'
 * @since 2015.2
  const get = (requestParams) => {
    let userObject = runtime.getCurrentUser();
    try {
      log.debug({ title: "Payload received:", details: requestParams });
      const { id, name, role, location, email, contact } = userObject;
      log.audit({ title: "Current User Ran", details: name });
      let user = {
      log.debug({ title: "Returning user", details: user });
      return JSON.stringify(user);
    } catch (e) {
      log.error({ title: "Error grabbing current user:", details: e });
  return {

Above is an example of returning the basic runtime information. Be sure to create a new script record and deployment record. When you save the deployment record, you will get the URLs for your RESTlet, which we will use as the userinfo URL.

Example Usage

import NextAuth from "next-auth"
import NetSuite from "next-auth/providers/netsuite"
export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [
      clientId: process.env.AUTH_NETSUITE_ID,
      clientSecret: process.env.AUTH_NETSUITE_SECRET,
      issuer: process.env.AUTH_NETSUITE_ACCOUNT_ID, // EX: TSTDRV1234567 or 81555 for prod, and 1234567-SB1 for Sandbox accounts not "_" use "-".
      // Returns the current user using the N/runtime module. This url can be a suitelet or RESTlet (Recommended)
      // Using getCurrentUser(); So we match this schema returned from this RESTlet in the profile callback. (Required)
      // Optional
      prompt: "login", // Required if you want to force the user to login every time.
      scope: "restlets", // Optional defaults to "restlets rest_webservices". Enter the scope(s) you want to use followed by spaces.
Auth.js © Balázs Orbán and Team - 2024