As an LDAP user, can I get an OAuth token?
‎08-24-2017 09:44 AM
For some automation/integration, I am attempting to get an OAuth token. Per our service provider who manages our SN instance, everything is set up correctly... but when I try:
curl -d"grant_type=password&client_id=[ID]&client_secret=[SECRET]&username=domain\username&password=[PW]" https://[DOMAIN].service-now.com/oauth_token.do
I get a 401:
{"error_description":"access_denied","error":"server_error"}
Username and password are correct for a login via the Web UI. My vendor's developer looked into it and he believes it won't work with LDAP accounts:
Doesn't seem to like LDAP authenticated accounts. I thought it might be the backslash, but if I create a standard SN account with a backslash in the username it's working as expected. Might need to create a built-in service account for this instead of LDAP authenticated.
Does that seem correct? I can't use my LDAP-linked account to get a token? Or do I need to escape it in some way?
Any insights would be appreciated!

‎08-27-2017 08:56 PM
Hi John,
Please refer to a few of these links for your reference:
Using OAuth, you can pass a user ID and password once, and then use a token for subsequent REST requests instead of submitting credentials with each request. In this way, OAuth can improve system security by reducing the number of times you submit user credentials. I suppose you have already enabled the OAuth plugin to use this functionality.
- Enable OAuth in the ServiceNow instance that the external client will connect to.
- You may need to activate the OAuth plugin and set the OAuth property if OAuth is not yet enabled on the instance.
- Register a client application and create an endpoint.
- Record the client_id and client_secret values from the previous step to use when requesting an access token.
- To get an access token, use your REST client, such as cURL or Postman, to send a request to the OAuth endpoint (oauth_token.do).
- Format the request as a URL-encoded HTTP POST body and include the required parameters.
- Record the access token and refresh token from the response.
- Submit the access token with subsequent REST requests.
Since you are receiving a 401 error, it means the user is not authorized to use the API. In this case, the username=domain\username should have an additional role granted in ServiceNow to communicate via APIs (for instance, the rest_service role). You would need to create a built-in service account for this instead (as your vendor suggested).
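
The token request and follow-up call from the steps above, as an added example (not code from this thread or from ServiceNow). It builds the requests without sending them so the URL-encoding of `domain\username` is visible; the instance name, credentials, token values and the `/api/now/table/incident` sample call are constructed placeholders.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

INSTANCE = "https://example-instance.service-now.com"  # placeholder, not a real instance


def build_token_request(instance, client_id, client_secret, username, password):
    """Password-grant request for oauth_token.do with a URL-encoded POST body."""
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,  # the backslash in domain\username becomes %5C
        "password": password,  # '&', '=', '+' and '%' in a password are escaped too
    }).encode("ascii")
    return Request(
        instance + "/oauth_token.do",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(status, raw_body):
    """Return (access_token, refresh_token) or raise with the server's error fields."""
    doc = json.loads(raw_body)
    if status != 200 or "access_token" not in doc:
        raise PermissionError("token request failed: HTTP %d %s / %s"
                              % (status, doc.get("error"), doc.get("error_description")))
    return doc["access_token"], doc.get("refresh_token")


def build_api_request(url, access_token):
    """Subsequent REST call: send the token instead of the username and password."""
    return Request(url, headers={"Authorization": "Bearer " + access_token,
                                 "Accept": "application/json"})


if __name__ == "__main__":
    req = build_token_request(INSTANCE, "CLIENT_ID", "CLIENT_SECRET",
                              "domain\\username", "p&ss=word")
    print(req.data.decode())
    # Constructed success response; pass req to urllib.request.urlopen() for a real call.
    sample = '{"access_token": "AT-constructed", "refresh_token": "RT-constructed"}'
    access, refresh = parse_token_response(200, sample)
    api = build_api_request(INSTANCE + "/api/now/table/incident?sysparm_limit=1", access)
    print(api.header_items())
```

Reading the client secret and password from the environment or a secrets store, rather than typing them on a command line, keeps them out of shell history and process listings.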