For OAuth 2.0, while trying to make a POST request for a refresh token as described in the Oracle NetSuite Authentication Guide (on page 78, section "Refresh Token POST Request to the Token Endpoint"), I found inconsistent behaviour.
For the 2nd step (Retrieve refresh_token), if I use the following request:
URL: https://<account_id>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token?redirect_uri=<redirect_uri>&grant_type=authorization_code&code=<code>&code_verifier=<code_verifier>
Headers:
Content-Type:application/x-www-form-urlencoded; charset=utf8
Authorization:Basic <consumer_key_encoded_base64>
The HTTP status is 200 OK -> see [1] in the screenshot below.
On the 3rd step (Refresh token), if I use the same headers for my request:
URL: https://<account_id>.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token?grant_type=refresh_token&refresh_token=<refresh_token>
Headers:
Content-Type:application/x-www-form-urlencoded; charset=utf8
Authorization:Basic <consumer_key_encoded_base64>
The HTTP status is 400 Bad Request -> see [2] in the screenshot below.
However, if I only change the Content-Type to application/x-www-form-urlencoded (remove the charset=utf8 part), the HTTP status is 200 OK -> see [3] in the screenshot below.
The tool I’m using to send requests to Oracle NetSuite’s endpoints automatically adds application/x-www-form-urlencoded; charset=utf8 to the Content-Type header.
Is there any way to make the POST request work this way?
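An added example, not part of the original post: a Python standard-library sketch that builds the refresh-token POST with the exact Content-Type value the post reports as returning 200, and checks a request for the two things worth auditing here (parameters on the Content-Type header, and token material in the URL). Assumptions not taken from the post: the parameters are sent in the form body as RFC 6749 describes rather than in the query string, the Basic credential is `client_id:client_secret`, and the function names are hypothetical.

```python
import base64
import urllib.parse
import urllib.request

# Exact header value that returned 200 OK in the post (no charset parameter).
FORM_TYPE = "application/x-www-form-urlencoded"

def split_content_type(value):
    """Return (media_type, params) for a Content-Type header value."""
    media_type, *rest = [part.strip() for part in value.split(";")]
    params = {}
    for part in rest:
        if "=" in part:
            key, val = part.split("=", 1)
            params[key.strip().lower()] = val.strip().strip('"')
    return media_type.lower(), params

def build_refresh_request(account_id, client_id, client_secret, refresh_token):
    """Build (but do not send) the refresh-token POST for the token endpoint."""
    url = f"https://{account_id}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token"
    # Form body instead of query string keeps the token out of URL logs (assumption).
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}).encode("ascii")
    # Assumption: HTTP Basic client authentication with client_id:client_secret.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": FORM_TYPE,
        "Authorization": f"Basic {basic}",
    })

def check_request(req):
    """Return a list of findings for a prepared token request."""
    problems = []
    media_type, params = split_content_type(req.get_header("Content-type", ""))
    if media_type != FORM_TYPE:
        problems.append("unexpected media type: " + media_type)
    if params:
        problems.append("Content-Type carries parameters: " + ", ".join(sorted(params)))
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(req.full_url).query)
    leaked = sorted(set(query) & {"refresh_token", "code", "code_verifier"})
    if leaked:
        problems.append("credentials in query string: " + ", ".join(leaked))
    return problems
```

`check_request` can be run against whatever request object a client produces before it is sent; it makes no network call.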