Does ServiceNow's oAuth Grant Type of Client Credentials serve no purpose?

Go to solution
Mathieu8
Kilo Guru

‎06-29-2018 11:44 AM

Hi,

I've been exploring ServiceNow's REST APIs and authentication methods. Things have been pretty good with the exception of some confusion around the oauth option.

I've been trying to understand what the grant type "client_credentials" does in ServiceNow's implementation. The only thing I can find is people saying to use password instead. Does it serve absolutely no functionality at all other than to fulfill the requirements of the oauth protocol? I've only ever gotten 403s using the token it gives me.

Thanks!

Labels:
  • 4,207 Views
1 ACCEPTED SOLUTION

Go to solution
josh_nerius
ServiceNow Employee
ServiceNow Employee

‎06-29-2018 12:07 PM

 

Hi Mathieu, 

The Client Credentials grant type is not supported for inbound OAuth in ServiceNow. By definition, Client Credentials is for situations where there is no user involved. In ServiceNow, every session must be bound to a user, and that user's roles are used to determine what the user should have access to. Client Credentials is not compatible with that model. 

Best,

Josh

View solution in original post

7 REPLIES 7

Go to solution
Manjunath P Jak
Kilo Contributor
In response to AnswerIQ

‎03-25-2019 09:14 PM

Yes I was also looking for similar thing for third party application. Does service now lack such kind of authentication I have gone through many of the links in community forum and yet still not able to figure out how to get access to the API using tokens indefinitely without a expiry time.

0 Helpfuls

Go to solution
Rick Mann
Tera Expert
In response to josh_nerius

‎12-04-2019 05:28 AM

Hey Josh

I'm working on a REST integration with Dell TechDirect that requires OAuth with a Grant Type of "Client Credentials".  I'm able to setup a GET method and retrieve a token using Postman, but I'm not sure how to set this up in ServiceNow.

ServiceNow displays the message "Unsupported OAuth grant type 'Client Credentials'." when I click "Get OAuth Token" in the new GET method I've setup.

I set the provider up as a "Third Party OAuth Provider"

 

find_real_file.png

Thank you for any help

Rick

Preview file
50 KB
Preview file
1060 KB
0 Helpfuls

Go to solution
Christakos G
Tera Contributor
In response to josh_nerius

‎01-19-2024 03:42 AM

Hi Josh,

Is this still true? I understand that this post is 5 years old so something might have changed since then.

Is it still true that we always need a grant_type=password to with ServiceNow inbound OAuth 2.0?

0 Helpfuls