- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-29-2018 11:44 AM
Hi,
I've been exploring ServiceNow's REST APIs and authentication methods. Things have been pretty good with the exception of some confusion around the oauth option.
I've been trying to understand what the grant type "client_credentials" does in ServiceNow's implementation. The only thing I can find is people saying to use password instead. Does it serve absolutely no functionality at all other than to fulfill the requirements of the oauth protocol? I've only ever gotten 403s using the token it gives me.
Thanks!
Solved! Go to Solution.
- Labels:
-
Integrations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-29-2018 12:07 PM
Hi Mathieu,
The Client Credentials grant type is not supported for inbound OAuth in ServiceNow. By definition, Client Credentials is for situations where there is no user involved. In ServiceNow, every session must be bound to a user, and that user's roles are used to determine what the user should have access to. Client Credentials is not compatible with that model.
Best,
Josh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-29-2018 12:07 PM
Hi Mathieu,
The Client Credentials grant type is not supported for inbound OAuth in ServiceNow. By definition, Client Credentials is for situations where there is no user involved. In ServiceNow, every session must be bound to a user, and that user's roles are used to determine what the user should have access to. Client Credentials is not compatible with that model.
Best,
Josh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-26-2018 12:46 PM
Hi Josh,
I think the original post is looking for a way to obtain the token other than using password. Can you confirm using password is the only way? Or there is other options like Authorization code grant type?
Also, for outbound OAuth, we can obtain the token using Authorization code grant type from UI, can we do the same via API call?
Thanks,
Shawna
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-13-2018 02:31 AM
Hi Josh,
Our scenario is somewhat of the kind that we don't want to save user credentials on the third party client side.
On the third party client-side we only have client-id and client-secret. We may also save refresh token on third party side, but then again the third party would need user credentials to get a new "refresh token".
Can you suggest some way to get bearer access token through an API without using user credentials?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-25-2019 09:13 PM
Yes I was also looking for similar thing for third party application. Does service now lack such kind of authentication I have gone through many of the links in community forum and yet still not able to figure out how to get access to the API using tokens indefinitely without a expiry time.
