Best Approach to Handle and Store OAuth Authorization Code in ServiceNow

Pooja_29
Tera Contributor

‎01-08-2025 09:51 PM

Hello everyone,

I am currently working on integrating ServiceNow with LinkedIn. As part of the OAuth 2.0 authorization flow, after users successfully authorize the integration, I receive an authorization code in the URL, like this:

 

 

https://dev203650.service-now.com/oauth_redirect.do?code=AQR_WjTIXSyvTCy8Aa1dKJRHBY0WB8RiWezj03AESdnLtrmtW5I4eTr_pNzqHduw-Qfb8c4cE4tdJhqeb3O7-7fR0eMYFfEmklHmlKYbimmg4YC0p_JlS4AaHkVYnXKu8lWl8W_mjew-JD45gLA1JyEdQZhpEwz-h7FJBmQfrEJ6i4DUo7mhJy3fOmTk3G6St0J_puLG4HDOEyT_SZ0

 

I would like to understand the best approach to handle and store this authorization code in ServiceNow for obtaining access tokens for multiple users. Specifically, I am looking for guidance on how to capture the code from the redirect URL and securely store it in ServiceNow for further processing.

Preview file
18 KB
0 Helpfuls
  • 722 Views
5 REPLIES 5

Runjay Patel
Giga Sage
In response to Pooja_29

‎01-09-2025 06:00 AM

Hi @Pooja_29 ,

 

Yes, that you have to pass in every call. I am talking about once the refresh token generated store it in property and get the access token with help of refresh token which you need to pass in every api call.

 

Access TokenA secure string that a client uses to access protected resources. An instance issues access tokens to clients that have a valid authorization grant. Each access token has a specific scope, lifespan, and other attributes.

By default, an instance issues access tokens with a 30-minute lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 30 days.

Refresh TokenA credential that a client uses to obtain new access tokens without requiring additional user authorization. An instance issues a refresh token to a client when it is first authorized to have an access token.

By default, an instance issues refresh tokens with a 100-day lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 365 days.

 

So you need to store the refresh token in property and use it to generate the access token. 

 

-------------------------------------------------------------------------

If you found my response helpful, please consider selecting "Accept as Solution" and marking it as "Helpful." This not only supports me but also benefits the community.


Regards
Runjay Patel - ServiceNow Solution Architect
YouTube: https://www.youtube.com/@RunjayP
LinkedIn: https://www.linkedin.com/in/runjay

-------------------------------------------------------------------------

0 Helpfuls