Azure Delegated Permissions <-> ServiceNow OAuth / Outbound Rest Messages
07-08-2025 12:07 AM - edited 07-08-2025 12:32 AM
Hi all,
we have a catalog item which is pre-populated with data from Azure (on demand). Here is the current flow:
0. User logs on to ServicePortal via SSO (Azure Account / OIDC Identity Provider)
1. User selects a subscription from a dropdown.
2. Catalog Client Script triggers on field change.
3. Client script invokes a Script Include.
4. Script Include runs REST messages to Azure via OAuth (Graph API / Management API).
5. Azure returns current data (VNets, Subnets, DNS Zones, Peerings, Groups, Managed Identities etc).
6. Script Include returns data to Client Script.
7. Client Script populates form fields with returned data.
This works fine when using the client credentials OAuth flow (although this does not scope the queries to the user's Azure permissions: the app has full access to all resources).
But how do I utilize Authorization Code flow, so that queries to Azure resources are scoped by the users' Azure permissions via delegated OAuth 2.0 flow?
What needs to be configured so that Access and Refresh tokens are also retrieved by using OAuth OIDC SSO?
Scopes of the APIs:
openid
profile
email
https://graph.microsoft.com/Application.Read.All
https://graph.microsoft.com/Group.Read.All
https://graph.microsoft.com/User.Read.All
https://graph.microsoft.com/.default
+
https://management.azure.com/.default
Thanks for your help in advance.
We have the Application Registration in Azure set up, and we have also received admin consent after requesting an OAuth token on the REST message page.
#yokohama