Getting Requestor ID in OAuth2 token request
‎09-15-2022 07:54 AM
Hi!
I've been experimenting with an OAuth2 solution for outbound REST messages from ServiceNow.
Our solution demands that the resource is specified in the token request when sent to the Auth provider. I've solved this by extending the OAuthClient as an OAuth API Script and adding the resource header to the token request.
However, as the Auth provider is providing tokens for a multitude of services, I want to make the OAuth API Script more dynamic and store the corresponding resource at the REST Message level. When the API Script is running, I want it to catch the requestor_id and get the resource from the REST message record.
I can see that the token is stored with both the REST message sys_id as the requestor ID as well as the provider sys_id, but I can't figure out how to catch the request_id in the API Script.
Any suggestions?
‎09-15-2022 03:06 PM
Hi, you may need to clarify your requirements as they are a little difficult to understand.
I would expect a single OAuth token request once per access token lifespan period.
And while it should be possible to identify any REST messages related to this token, this is a 1 to many relationship and so you would need a way to identify the correct REST message.
Can you update this thread to clarify your configuration, process and exact requirements?
‎09-16-2022 08:26 AM
Thanks for replying, I greatly appreciate your time!
I'll try again to see if I can explain it better.
We have an outbound REST integration that requires getting an OAuth2 token with client credentials to access. However, I need to attach a header which contains a specified resource with the token request.
I solve this by adding an API script to the OAuth profile which adds the header.
This OAuth2 token provider can hand out tokens for other endpoints as well. Just as the endpoint for the REST integration is unique, so is the header-value required for the OAuthToken.
I could solve it by creating a new provider record and a new API script to that provider that has the resource value needed for that specific REST service. This would lead to multiple OAuth API Scripts in the Application registry.
A better solution would be to keep the single application registry record and add a lookup from the API-script to get the corresponding outbound REST record resource.
In the Script Include OauthAccessToken the requestor is checked and I could alter this script to make sure that this value is available to the OAuth API Script in order to send the correct header value to the OAuth provider, but it would be slick to leave it unchanged and do the lookup in an extended and custom version of the OAuthUtil-script.
I realize that I'm failing on how to describe this in an easy way. Did it clarify anything at all?