Get Oauth access token return server_error access_denied

Randy25 · ‎09-27-2018

I am trying to connect to the REST API to get incidents in my service now instance using OAuth code grant flow as described below:

OAuth authorization code grant flow

I can get a code from the first step, but when I try to request the access and refresh tokens I get a 401 unauthorized response with the body:

{"error_description":"access_denied","error":"server_error"}

I use OAuthClient library to post request and my URL is :

https://<instance>.service-now.com/oauth_token.do

My body/query params are:

grant_type=authorization_code&code=<code>&redirect_uri=<uri>&client_id=<id>&redirect=<redirecturl>

ARG645 · ‎09-28-2018

And, your endpoint should just end with oauth_token.do All the parameters like code, redirect uri etc etc should be sent in the body Please send screen shots of Autherization Tab, Headers Tab and Body Tab from your Postman

View solution in original post

ARG645 · ‎09-27-2018

Randy,

OAuth can be a rabbit hole sometimes. Please try the below method.

Your body/query should be

grant_type=authorization_code&code=<code>&redirect_uri=<uri>&scope=useraccount

You should also use an Autherization header that is a base64 encode of your client ID and Client Secret as shown below

Authorization: Basic base64clientinfo

In the above line replace base64clientinfo with the value obtained from the below line

GlideStringUtil.base64Encode('<client_id>:<client_secret>');

I hope this helps.

References:

https://community.servicenow.com/community?id=community_question&sys_id=55054f2ddbd8dbc01dcaf3231f9619b6

https://community.servicenow.com/community?id=community_blog&sys_id=0f5de629dbd0dbc01dcaf3231f9619ca

http://www.john-james-andersen.com/blog/service-now/easy-base64-encoding-in-servicenow.html

Randy25 · ‎09-28-2018

Hi Aman,

I tried your suggestion and get the same result. Here is my URL request by postman

Authorization is Base64 encode("<client_id>:<client_secret>")

ARG645 · ‎09-28-2018

Add the word ‘Basic ‘ infront of the base64 value So it should be something like Authorization: Basic Mmq1...........

ARG645 · ‎09-28-2018

And, your endpoint should just end with oauth_token.do All the parameters like code, redirect uri etc etc should be sent in the body Please send screen shots of Autherization Tab, Headers Tab and Body Tab from your Postman