Does refresh token gets auto refreshed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-23-2023 04:51 AM
This is regarding OAtuh integration and I want to understand if the refresh token gets auto-refreshed in ServiceNow because that is not happening currently.
I have gone through a couple of articles that talk about OpenID, offlince_Access, and JWT approach, I want to explain the setup I am in and would appreciate your guidance.
I have a rest message configured and when I click on Get OAuth Token it opens the Pingid screen for me and sends a notification on my phone to approve, post which it generates the token.
Questions:
1. Currently the rest message is called from a Flow and it is not working once the refresh token gets expired.
2. I was reading about the Refresh token rotation and it says that the Refresh token also gets refreshed in every transaction we retrieve the access token. Does this behave the same in ServiceNow when ServiceNow is a token provider?
https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/#Refresh-Token-Rotation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-25-2023 02:42 PM
Hi, I do not believe that the blog you have linked to covers SNC's refresh token implementation, but instead is a generic guide to token rotation.
This KB article Managing OAuth Tokens in ServiceNow - Support and Troubleshooting indicates that
'Everytime a new call is made to get a new access token (not by using grant_type=refresh_token) , the expiration of the current refresh token is also refreshed to a new time .'
You can see this behavior in a PDI using Postman to retrieve a new access token, and then checking the Refresh Token expiry time in OAuth Credentials table.
