Built-in NetSuite integration.




NetSuiteProfile

optional contact: number;
optional department: number;
email: string;
id: number;
location: number;
name: string;
role: number;
optional roleCenter: string;
optional roleId: string;
optional subsidiary: number;




OAuthNetSuiteOptions

accountID: string;

Example: TSTDRV1234567, or 81555 for prod.

prompt: string;

The prompt options, also listed below.

The optional prompt parameter provides additional control of when the login/consent screen appears. Following are the values you can use with the prompt parameter:

  • “none” - the consent screen does not appear. If there is no active session, the application returns an error.
  • “login” - the user must authenticate even if there is an active session. This option only works if the application sends the request to the account-specific domain.
  • “consent” - the consent screen appears every time. The user must authenticate if there is no active session.
  • “login consent” or “consent login” - the consent screen appears every time, and the user must authenticate even if there is an active session and allow the connection to NetSuite. Similar to GitHub, Google, and Facebook data consent screens.

scope: string;

Example: “restlets rest_webservices” or “restlets” or “rest_webservices suiteanalytics_connect restlets”

userinfo: string;

Either a RESTlet or Suitelet returning runtime info or record info. A RESTlet is recommended.
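
A preflight check for these four options, as an added example that is not part of the provider's own code. The function name `checkNetSuiteOptions` is hypothetical, and requiring https for userinfo is an assumption (the page only states the https requirement for the Redirect URI).

```javascript
// Added example: check the provider options against the values documented above.
const ALLOWED_SCOPES = new Set(["restlets", "rest_webservices", "suiteanalytics_connect"]);
const ALLOWED_PROMPTS = new Set(["none", "login", "consent", "login consent", "consent login"]);

// Returns a list of human-readable problems; an empty list means the options pass.
function checkNetSuiteOptions({ accountID, prompt, scope, userinfo }) {
  const problems = [];

  // Sandbox account IDs are written with "-" (1234567-SB1), never "_".
  if (typeof accountID !== "string" || accountID.trim() === "") {
    problems.push("accountID is missing");
  } else if (accountID.includes("_")) {
    problems.push(`accountID "${accountID}" uses "_"; write it as "${accountID.replace(/_/g, "-")}"`);
  }

  // prompt is optional, but when set it must be one of the documented values.
  if (prompt !== undefined && !ALLOWED_PROMPTS.has(prompt)) {
    problems.push(`prompt "${prompt}" is not one of: ${[...ALLOWED_PROMPTS].join(", ")}`);
  }

  // scope is a space-separated list; flag anything outside the three documented
  // scopes so the integration never asks for more access than was selected.
  const tokens = typeof scope === "string" ? scope.split(/\s+/).filter(Boolean) : [];
  if (tokens.length === 0) problems.push("scope is empty");
  for (const token of tokens) {
    if (!ALLOWED_SCOPES.has(token)) problems.push(`unknown scope "${token}"`);
  }

  // Assumption: the userinfo request carries the access token, so require an
  // absolute https URL (an empty string fails here as well).
  try {
    if (new URL(userinfo).protocol !== "https:") problems.push("userinfo must use https");
  } catch {
    problems.push("userinfo is not an absolute URL");
  }
  return problems;
}
```
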


default<P>(config): OAuthConfig<P>

Add Netsuite login to your page and make requests to:



By using this provider, you consent to sharing your data with NetSuite. By using this provider we assume you comply with NetSuite’s Terms of Service and Privacy Policy. The author of this provider is not affiliated with NetSuite. To proceed with this provider you must be a NetSuite customer and have a NetSuite account (Full access user). Ensure the OAuth 2.0 Feature is enabled in your NetSuite account with the proper permissions set up on the current role/user.

Before setting up the provider, you will need to:

  • Create an Integration Record
    • Uncheck the TBA Auth Flow checkbox.
    • Check OAuth 2.0 Auth Flow checkbox.
    • Copy and paste the Callback URL below into the Redirect URI field.
    • Then select the scope(s) you want to use.
      • REST Web Services (rest_webservices) - Access to REST Web Services.
      • RESTlets (restlets) - Access to RESTlets.
      • SuiteAnalytics Connect (suiteanalytics_connect) - Access to SuiteAnalytics Connect.
    • Add any policies you want to use.
      • Application Logo (Optional) (Shown to users when they are asked to grant access to your application). - Consent Screen
      • Application Terms of Use (Optional) - A PDF file that contains the terms of use for your application. - Consent Screen
      • Application Privacy Policy (Optional) - A PDF file that contains the privacy policy for your application. - Consent Screen
    • OAuth 2.0 Consent Policy Preference - This setting determines whether the user is asked to grant access to your application every time they sign in or only the first time they sign in or never.
    • Save the Integration record.
    • The Integration record will be used to generate the clientId and clientSecret for the provider. Save the generated values for later.

Callback URL


When setting the Redirect URI in the Integration record, you must use the https protocol. Otherwise, you will get an error (INVALID_LOGIN_ATTEMPT) when trying to sign in. If you are testing locally, you can use a service like ngrok to create a secure tunnel to your localhost.

The userinfo option must be a Suitelet or RESTlet URL that returns information about the user. It has to respond very quickly, because the profile lookup during the handshake can’t take long. The best bet is to use the N/runtime module to get the basics first. An example RESTlet is shown below. Be sure to deploy it and enable access to “All Roles”.

Example RESTLet Callback Handler

Be sure to deploy the script and use the external RESTlet URL wherever the URI is used.

/**
 * @NApiVersion 2.1
 * @NScriptType Restlet
 */
define(["N/runtime"], /**
 * @param {runtime} runtime
 */ (runtime) => {
  /**
   * Defines the function that is executed when a GET request is sent to a RESTlet.
   * @param {Object} requestParams - Parameters from HTTP request URL; parameters passed as an Object (for all supported
   *     content types)
   * @returns {string | Object} HTTP response body; returns a string when request Content-Type is 'text/plain'; returns an
   *     Object when request Content-Type is 'application/json' or 'application/xml'
   * @since 2015.2
   */
  const get = (requestParams) => {
    let userObject = runtime.getCurrentUser();
    try {
      log.debug({ title: "Payload received:", details: requestParams });
      const { id, name, role, location, email, contact } = userObject;
      log.audit({ title: "Current User Ran", details: name });
      // Return only the fields read from the current user above.
      let user = { id, name, role, location, email, contact };
      log.debug({ title: "Returning user", details: user });
      return JSON.stringify(user);
    } catch (e) {
      // Nothing is returned on this path, so the caller receives an empty body.
      log.error({ title: "Error grabbing current user:", details: e });
    }
  };

  return { get };
});

Note: The example above returns the basic runtime information. Be sure to create a new script record and deployment record. Upon saving the deployment record, you will get the URLs for your RESTlet.


import { Auth } from "@auth/core"
import Netsuite from "@auth/core/providers/netsuite"

const request = new Request(origin)
const response = await Auth(request, {
  providers: [
    Netsuite({
      // clientId and clientSecret are the values generated from the Integration record.
      clientId: NETSUITE_CLIENT_ID,
      clientSecret: NETSUITE_CLIENT_SECRET,
      accountID: NETSUITE_ACCOUNT_ID, // e.g. TSTDRV1234567, or 81555 for prod; sandbox accounts use "-" not "_", e.g. 1234567-SB1
      // Returns the current user using the N/runtime module. This URL can be a Suitelet or RESTlet (recommended).
      // It uses getCurrentUser(), so the profile callback must match the schema returned from this RESTlet. (Required)
      userinfo: "",
    }),
  ],
})




Make sure the userinfo matches the return type of the profile callback to ensure the user session gets read correctly. To override the defaults for your use case, check out customizing a built-in OAuth provider.
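
One way to enforce that match, as an added example that is not part of the provider's own code: a validator for the userinfo response that could be called from a customized profile callback. The function name `parseNetSuiteProfile` is hypothetical; the field names and types follow the NetSuiteProfile listing on this page.

```javascript
// Added example: validate the userinfo RESTlet response before trusting it as a profile.
const REQUIRED = { id: "number", name: "string", email: "string", role: "number", location: "number" };
const OPTIONAL = {
  contact: "number", department: "number", subsidiary: "number",
  roleCenter: "string", roleId: "string",
};

function parseNetSuiteProfile(body) {
  // The example RESTlet returns JSON.stringify(user) and returns nothing from its
  // catch branch, so the body may be empty or a JSON string that itself holds JSON.
  let value = body;
  for (let i = 0; i < 2 && typeof value === "string"; i++) {
    if (value.trim() === "") throw new Error("userinfo returned an empty body");
    try {
      value = JSON.parse(value);
    } catch {
      throw new Error("userinfo returned invalid JSON");
    }
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error("userinfo did not return a JSON object");
  }

  // Copy only known fields, so unexpected keys never reach the session.
  const profile = {};
  for (const [key, type] of Object.entries(REQUIRED)) {
    if (typeof value[key] !== type) throw new Error(`profile.${key} must be a ${type}`);
    profile[key] = value[key];
  }
  for (const [key, type] of Object.entries(OPTIONAL)) {
    if (value[key] === undefined || value[key] === null) continue;
    if (typeof value[key] !== type) throw new Error(`profile.${key} must be a ${type}`);
    profile[key] = value[key];
  }
  return profile;
}
```

Failing closed here turns a RESTlet error or a schema drift into a rejected sign-in instead of a session built from missing or mistyped fields.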

Type parameters

Type parameter
P extends NetSuiteProfile


config: OAuthUserConfig<P> & OAuthNetSuiteOptions


