Feature: Netsuite oauth provider #891
Conversation
- Implement NetSuite OAuth provider following existing patterns - Add NetSuite to standardProviders list and OAuth registry - Add netsuiteAccountId configuration field to schemas - Support NetSuite's account-specific endpoints - Include comprehensive documentation NetSuite OAuth provider supports: - OAuth 2.0 Authorization Code Grant flow - Account-specific authorization and token endpoints - User profile retrieval from NetSuite employee records - Access token validation - Configurable account ID via environment or config
|
@sicarius97 is attempting to deploy a commit to the Stack Team on Vercel. A member of the Team first needs to authorize it. |
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughAdds NetSuite as a standard OAuth provider: new NetSuiteProvider implementation, backend wiring to register/use it and include Netsuite account ID in provider payloads, project/config schema and CRUD updates to store a NetSuite account ID, and appends "netsuite" to the known provider list. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant Client
participant Backend as Backend OAuth Controller
participant Provider as NetSuiteProvider
participant NetSuite as NetSuite OAuth2
Client->>Backend: Start OAuth (provider=netsuite)
Backend->>Provider: create({ clientId, clientSecret, accountId })
Note right of Provider: Build issuer, endpoints, redirect URI, scopes
Backend->>NetSuite: Redirect user to Authorization Endpoint
NetSuite-->>Client: Login & consent
Client->>Backend: Callback with code
Backend->>NetSuite: Token request (code)
NetSuite-->>Backend: TokenSet (access_token, expires)
Backend->>Provider: postProcessUserInfo(TokenSet)
Provider->>NetSuite: GET /userinfo (Bearer)
NetSuite-->>Provider: User info JSON (incl. accountId)
Provider-->>Backend: OAuthUserInfo (accountId, email, name)
Backend-->>Client: Session established
sequenceDiagram
autonumber
participant Scheduler as Token Checker
participant Provider as NetSuiteProvider
participant NetSuite as NetSuite OAuth2
Scheduler->>Provider: checkAccessTokenValidity(accessToken)
Provider->>NetSuite: GET /services/rest/.../oauth2/v1/userinfo (Bearer)
alt 200 OK
NetSuite-->>Provider: 200 OK
Provider-->>Scheduler: true
else non-OK / error
NetSuite--x Provider: Error/Non-OK
Provider-->>Scheduler: false
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
Tip 👮 Agentic pre-merge checks are now available in preview!Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.
Please see the documentation for more information. Example: reviews:
pre_merge_checks:
custom_checks:
- name: "Undocumented Breaking Changes"
mode: "warning"
instructions: |
Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).Please share your feedback with us on this Discord post. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull Request Overview
This PR adds NetSuite as a new OAuth provider to the Stack authentication system. It enables users to authenticate using their NetSuite accounts by implementing the necessary OAuth flow and configuration.
- Adds "netsuite" to the list of standard OAuth providers
- Implements NetSuite-specific OAuth provider with account ID configuration
- Adds schema validation and configuration support for NetSuite account ID parameter
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/stack-shared/src/utils/oauth.tsx | Adds "netsuite" to standardProviders array |
| packages/stack-shared/src/schema-fields.ts | Defines schema validation for NetSuite account ID |
| packages/stack-shared/src/interface/crud/projects.ts | Adds NetSuite account ID to OAuth provider schemas |
| packages/stack-shared/src/config/schema.ts | Integrates NetSuite account ID into environment configuration |
| apps/backend/src/oauth/providers/netsuite.tsx | Implements complete NetSuite OAuth provider class |
| apps/backend/src/oauth/index.tsx | Registers NetSuite provider and handles configuration |
| apps/backend/src/lib/projects.tsx | Maps NetSuite account ID in project configuration |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR adds NetSuite as a new OAuth provider to the Stack Auth system. The implementation follows the established patterns used by other OAuth providers in the codebase, particularly those requiring additional configuration parameters like Microsoft (tenant ID) and Facebook (config ID).
The changes span multiple layers of the application:
Core Provider Implementation: A new NetSuiteProvider class extends OAuthBaseProvider with NetSuite-specific logic. The implementation handles NetSuite's unique OAuth characteristics, including account-specific endpoints (using the account ID in URLs like https://{accountId}.app.netsuite.com/app/login/oauth2/authorize.nl) and non-standard userinfo responses that can return either single records or arrays.
Schema and Configuration: The PR adds proper schema validation through oauthNetSuiteAccountIdSchema with Yup validation and OpenAPI documentation. The account ID field is integrated at the environment configuration level alongside other provider-specific parameters, with proper typing and default values.
Integration Points: NetSuite is added to the standardProviders array, making it available throughout the application wherever OAuth providers are enumerated. The provider is registered in the OAuth provider mapping with proper parameter passing for the account ID configuration.
Data Flow: The implementation includes robust user data extraction logic that handles NetSuite's variable response formats, with fallbacks for different response structures and comprehensive error handling when user information cannot be extracted.
This addition integrates seamlessly with the existing OAuth infrastructure, requiring no changes to core OAuth logic while properly handling NetSuite's enterprise-specific requirements.
Confidence score: 4/5
- This PR is generally safe to merge with good implementation following established patterns
- Score reflects the complexity of OAuth provider integration and the need for thorough testing of NetSuite-specific logic
- Pay close attention to the user data extraction logic in
apps/backend/src/oauth/providers/netsuite.tsxwhich handles multiple response formats
7 files reviewed, 1 comment
![recurseml[bot]](https://avatars.githubusercontent.com/in/1054195?s=60&v=4){kind=small}
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
apps/backend/src/oauth/providers/netsuite.tsx (2)
45-52: Consider adding retry logic for userinfo endpoint.The userinfo endpoint fetch doesn't have any retry logic. NetSuite APIs can sometimes have transient failures, so consider adding retry logic similar to other OAuth providers in the codebase.
113-119: Consider adding specific error handling in checkAccessTokenValidity.The current implementation returns
falsefor any error, which could hide important issues. Consider logging errors or differentiating between network failures and authentication failures.async checkAccessTokenValidity(accessToken: string): Promise<boolean> { try { const res = await fetch(`https://${this.accountId}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/userinfo`, { method: "GET", headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json", }, }); return res.ok; } catch (error) { + // Log the error for debugging purposes while still returning false + console.error("Failed to validate NetSuite access token:", error); return false; } }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (7)
apps/backend/src/lib/projects.tsx(1 hunks)apps/backend/src/oauth/index.tsx(3 hunks)apps/backend/src/oauth/providers/netsuite.tsx(1 hunks)packages/stack-shared/src/config/schema.ts(2 hunks)packages/stack-shared/src/interface/crud/projects.ts(1 hunks)packages/stack-shared/src/schema-fields.ts(1 hunks)packages/stack-shared/src/utils/oauth.tsx(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
Prefer ES6 Map over Record when representing key–value collections
Files:
packages/stack-shared/src/schema-fields.tspackages/stack-shared/src/utils/oauth.tsxpackages/stack-shared/src/interface/crud/projects.tsapps/backend/src/lib/projects.tsxapps/backend/src/oauth/index.tsxapps/backend/src/oauth/providers/netsuite.tsxpackages/stack-shared/src/config/schema.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Security Check
🔇 Additional comments (7)
packages/stack-shared/src/schema-fields.ts (1)
512-512: LGTM!The NetSuite account ID schema is properly defined with appropriate OpenAPI metadata, including a clear description and example value. The placement follows the existing pattern by being positioned after the Microsoft tenant ID schema.
packages/stack-shared/src/utils/oauth.tsx (1)
1-1: LGTM!NetSuite is correctly added to the
standardProvidersarray, maintaining alphabetical order and following the established pattern for OAuth providers.apps/backend/src/lib/projects.tsx (1)
186-186: LGTM!The NetSuite account ID is properly mapped from the provider configuration to the environment config override, maintaining consistency with other provider-specific fields like
facebookConfigIdandmicrosoftTenantId.apps/backend/src/oauth/index.tsx (1)
17-17: LGTM!NetSuite provider is correctly integrated into the OAuth system:
- Import statement follows the established pattern
- Provider is registered in the
_providersmapping- Account ID is properly passed to the provider's create method in the standard flow
Also applies to: 35-35, 83-83
packages/stack-shared/src/interface/crud/projects.ts (1)
25-25: LGTM!The
netsuite_account_idfield is correctly added to the OAuth provider read schema, following the established pattern and using the appropriate optional schema.packages/stack-shared/src/config/schema.ts (1)
205-205: LGTM!NetSuite account ID is properly integrated into the configuration schema:
- Added to the environment config schema as an optional field (line 205)
- Included in organization defaults with
undefinedas the default value (line 446)Both changes follow the established patterns for provider-specific configuration fields.
Also applies to: 446-446
apps/backend/src/oauth/providers/netsuite.tsx (1)
31-32: No change required — NetSuite OAuth endpoints are correct.
Authorization endpoint https://${accountId}.app.netsuite.com/app/login/oauth2/authorize.nl (system.netsuite.com as fallback) and token endpoint https://${accountId}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token are valid; some docs also show the token path under <ACCOUNT_ID>.app.netsuite.com.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
1 participant
Adds a new custom oauth provider for netsuite
Important
Introduces NetSuite as a new OAuth provider, updating relevant schemas and configurations to support it.
NetSuiteProviderclass innetsuite.tsxto handle OAuth with NetSuite, including token fetching and user info processing.getProvider()inindex.tsxto supportnetsuiteas a provider type.netsuiteAccountIdhandling increateOrUpdateProjectWithLegacyConfig()inprojects.tsx.netsuiteAccountIdtoenvironmentConfigSchemainschema.ts.oauthProviderReadSchemaandoauthProviderWriteSchemainprojects.tsto includenetsuite_account_id.oauthNetSuiteAccountIdSchemainschema-fields.ts.netsuitetostandardProvidersinoauth.tsx.This description was created by
for 47025b5. You can customize this summary. It will automatically update as commits are pushed.
Review by RecurseML
🔍 Review performed on 5da45d8..47025b5
✅ Files analyzed, no issues (3)
•
apps/backend/src/oauth/providers/netsuite.tsx•
apps/backend/src/oauth/index.tsx•
apps/backend/src/lib/projects.tsx⏭️ Files skipped (trigger manually) (2)
packages/stack-shared/src/schema-fields.tspackages/stack-shared/src/utils/oauth.tsxSummary by CodeRabbit
New Features
Chores