How to use GlideOAuthClient to get access token from Azure

TechTurtle · ‎02-23-2024

Hello,

We have enabled SSO with Azure AD as a result users who are in Azure Ad can SSO to login to ServiceNow.

Now, we need to call another API from ServiceNow. The API expects Azure OAuth token.

I am struggling for any good example which can show how to obtain this token so that we can pass it to another API.

I am considering to use Application Registry and then use GlideOAuthClientRequest to request token, however, I am not getting any good example (even the official documentation is not enough around it).

I tried: https://www.servicenow.com/community/architect-forum/ms-graph-oauth-2-0-integration-best-practice-qu...

but the author didn't provide much details ( I am new to ServiceNow).

Can someone who have acquire OAuth token from Azure please share the steps?

Thank you.

Community Alums · ‎02-23-2024

Hi @TechTurtle ,

The GlideOAuthClient API provides methods for requesting and revoking OAuth refresh and access tokens.

You can use this API in global and scoped scripts. In scoped scripts us the sn_auth namespace identifier.

GlideOAuthClient - getToken(String requestID, String oauthProfileID)

Retrieves the access and refresh tokens for the client.

Parameters
Name	Type	Description
requestID	String	Request ID from the OAuth Requestor Profile [oauth_requestor_profile] table, which references the OAuth Entity Profile [oauth_entity_profile] table.
oauthProfileID	String	OAuth profile ID from the OAuth Entity Profile [oauth_entity_profile] table.

Returns
Type	Description
GlideOAuthToken	The access and refresh tokens for the client.

Example

This example code shows how to retrieve access and refresh tokens from the instance database.

function dumpToken(token) {
  if(token) {
     gs.info("AccessToken:" + token.getAccessToken());
     gs.info("AccessTokenExpiresIn:" + token.getExpiresIn());
     gs.info("RefreshToken:" + token.getRefreshToken());
  }
}

var oAuthClient = new  sn_auth.GlideOAuthClient();
var token = oAuthClient.getToken('248e3017c302301089a7dd5c2840dda5', '9c4e78d3c302301089a7dd5c2840dd76');
dumpToken(token);

Output:

*** Script: AccessToken:6MRxD3TRYYvIaoKr-JCy3KiaOxBPu4C9k8oafo3MYf9q8zDyHQr8UzMSM3Md2alfaES1rzSYe5ydqgbOwpm7TA
*** Script: AccessTokenExpiresIn:1207
*** Script: RefreshToken:sc0iTK-0PcVkRi14HXPM3vT0FyOPO8iCqC10huQoDSSLBGUSnmEv_fUfJzGWCWBb_StsXIOz6r8qF-hRhURWTA

GlideOAuthClient - requestToken(String clientName, String jsonString)

Retrieves the token for the client, with the request parameters encoded in JSON format.

Parameters
Name	Type	Description
clientName	String	The client name.
jsonString	String	The JSON string for the client.

Returns
Type	Description
GlideOAuthClientResponse	The token for the client.

Example

This example shows a resource owner password grant type request, with request parameters encoded in JSON format.


var oAuthClient = new GlideOAuthClient();
var params ={grant_type:"password", username:"itil", password:'itil'};
var json =new JSON();
var text = json.encode(params);
var tokenResponse = oAuthClient.requestToken('TestClient', text);
var token = tokenResponse.getToken();

gs.log("AccessToken:"+ token.getAccessToken());
gs.log("AccessTokenExpiresIn:"+ token.getExpiresIn());
gs.log(" RefreshToken:"+ token.getRefreshToken());

GlideOAuthClient - requestTokenByRequest(String clientName, GlideOAuthClientRequest request)

Retrieves the token for the client, with the client name and the request set into a GlideOAuthClientResponse object.

Parameters
Name	Type	Description
clientName	String	The client name.
request	GlideOAuthClientRequest	The request.

Returns
Type	Description
GlideOAuthClientResponse	The token for the client.

GlideOAuthClient - revokeToken(String clientName, String accessToken, String refreshToken, GlideOAuthClientRequest request)

Revokes the access or refresh token for the client, with the request and optional header parameters set into a GlideOAuthClientRequest object.

Parameters
Name	Type	Description
clientName	String	The client name.
accessToken	String	The access token.
refreshToken	String	The refresh token.
request	GlideOAuthClientRequest	The request.

Returns
Type	Description
GlideOAuthClientResponse	The token for the client.

Also,

You can refer to this video : https://www.youtube.com/watch?v=fVLeB2tARus

TechTurtle · ‎02-29-2024

Thanks for the reply, two points:

1. It's asking for user consent (pop-up for user to sign-in), however, I am looking for non-interactive way to get token.

2. I am not getting Refresh token even after adding "offline_access" in scope.

further, the code is fine, but there is no link on how to create those profiles.

oAuthClient.requestToken('TestClient', text);

oAuthClient.getToken('248e3017c302301089a7dd5c2840dda5', '9c4e78d3c302301089a7dd5c2840dd76')

Amit Verma · ‎02-26-2024

Hi @TechTurtle

Below video could be helpful :

https://youtu.be/6pbLcK1a_xc

Thanks & Regards

Amit Verma

Please mark this response as correct and helpful if it assisted you with your question.

TechTurtle · ‎02-29-2024

Thanks for the reply, however, this is interactive way to get token.