Azure DevOps REST Flow Step issues - Issue with Token Request

Brandon P1 · ‎05-09-2024

Hi All!

I am hoping someone has a suggestion or insight into what I may be missing or have incorrectly configured. We are trying to set up what I believed to be a straight forward integration to generate a user story or task in ADO from SN.

The issue we are having appears to be with the token handling. I will go through set up in a bit but essentially our flow action the REST Step while connecting is not passing in a new token and as a result we are getting a sign in response from Azure. From my research and looking through the forums it seems when we make the call using the alias and credential it should be making the token request automatically but this is not happening and we have to manually refresh the token in the credential in order for the action to work.

Starting with the Flow Action - REST action:

We are using a connection alias and we are pulling the outbound REST message we configured.

the credential and connection alias:

This record connects to our connection which is as follows:

The connection then links to the credential:

which will refresh the tokens without issue when manually trigging the get authorization token link on this record. This links back to our OAuth entity profile:

which finally brings us to our OAuth Provider record:

I mentioned earlier that we also have a connected outbound REST message:

This message also connects to the profile and OAuth registration. In both the REST message and the Credential the link to refresh token works without issue. we have no errors testing the REST message at all. The issue is when we are testing the Flow Action -Rest step where if we do not manually refresh the token on the credential the test fails with a 203 error (incomplete response) and a azure login. this seems to indicate that the the token passed to the action does not get refreshed or a new token retrieved if expired. Here is an example of the error:

So the question here is how do I get around this, what am I missing or have misconfigured that is preventing a new token from automatically being requested before making the actual rest step to ADO?

Thanks!

Brandon P1 · ‎06-19-2024

while SN support was unable to provide direction on this on our team was able to identify the mis configuration and why it was a mis configuration.

We had originally configured for authorization code however this method with MS Azure would not return a refresh token. which is where the issue resulted as long as we had a valid token we had access but no means of getting a new one automatically as is. However switching to client credential allows us to make on demand connections using the client and secret set up in Azure. The resolution was understanding the different grant types and their limitations.

View solution in original post

Josh Gold · ‎05-09-2024

Hi @Brandon P1 ! I could suggest a simpler configuration if you're able/willing to abandon your efforts so far. Have you tried Unito's integration for ServiceNow and ADO? It's much simpler to navigate. Here's a guide to get you started!

Brandon P1 · ‎06-19-2024

while SN support was unable to provide direction on this on our team was able to identify the mis configuration and why it was a mis configuration.

We had originally configured for authorization code however this method with MS Azure would not return a refresh token. which is where the issue resulted as long as we had a valid token we had access but no means of getting a new one automatically as is. However switching to client credential allows us to make on demand connections using the client and secret set up in Azure. The resolution was understanding the different grant types and their limitations.