GlideOAuthClientRequest cannot be sent with Header?

Go to solution
Steve Socha
Tera Guru

‎11-01-2016 03:33 PM

Hello community!

An integration that I am working on requires the use of OAuth2 and an access_token. I hope to use the new GlideOAuthClient methods for this provisioning. The application I am connecting to requires a Consumer Key be included as a header of the authentication call. I have tried to use the setHead() function included in GlideOAuthClientRequest, but it is not working. I have also tried renaming the function to setHeader() (which is auto-suggested in the IDE), but this brings the same result.

Calling the getHeaders() or getHeader(id) does not return the recently added message, so I suspect that the function is failing. Has anyone encountered something similar when working with these libraries? Is there something else that should be added to the function?

I have included a background script version of my code below (with values changed). This script was adapted from the helpful test script in This Blog Article

var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenRequest = new sn_auth.GlideOAuthClientRequest();
tokenRequest.setGrantType("password");
tokenRequest.setUserName("user_id");
tokenRequest.setPassword("password");
tokenRequest.setScope(null);
gs.log("Headers beforehand are " + tokenRequest.getHeaders()); //Returns [Object object]
tokenRequest.setHead('X-ClientKey','XxXxXxXxXxXxX');
gs.log("Headers afterward are " + tokenRequest.getHeaders()); //Returns [Object object]
gs.log("Header should be " + tokenRequest.getHeader('X-ConsumerKey')); //Returns Null
var tokenResponse = oAuthClient.requestTokenByRequest('Integration Entry on Application Registry', tokenRequest);
var token = tokenResponse.getToken();
gs.log("RESPONSE = " + tokenResponse.getBody()); //Response = You must provide your Consumer Key in an X-ClientKey header
gs.log("AccessToken:" + token.getAccessToken()); // Prints null
gs.log("AccessTokenExpiresIn:" + token.getExpiresIn()); // Prints null
gs.log(" RefreshToken:" + token.getRefreshToken()); // Prints null
//You should be getting proper Access Token long with Refresh Token info. This token will be used in future web service request.
0 Helpfuls
  • 2,786 Views
1 ACCEPTED SOLUTION

Go to solution
josh_nerius
ServiceNow Employee
ServiceNow Employee
In response to Steve Socha

‎11-09-2016 02:20 PM

Hi Steven,



It looks like Concur has not implemented OAuth2 quite to spec, and this is causing some issues.



I was able to get a token using Native flow just using RESTMessageV2 instead of using the OAuth Client Libraries in ServiceNow. Example:



var rm = new sn_ws.RESTMessageV2();

rm.setHttpMethod('GET');

rm.setEndpoint('https://www.concursolutions.com/net2/oauth2/accesstoken.ashx');

rm.setBasicAuth('myuser@domain', 'mypassword');

rm.setRequestHeader('X-ConsumerKey', 'myConsumerKey');


var response = rm.execute();

var body = response.getBody();


gs.debug(response.getBody());


Output >>>



<Access_Token>


  <Instance_Url>https://www.concursolutions.com/</Instance_Url>


  <Token>RemovedForSecurity</Token>


  <Expiration_date>11/4/2017 6:52:15 PM</Expiration_date>


  <Refresh_Token>RemovedForSecurity</Refresh_Token>


</Access_Token>



I'm investigating the setHead method now, but if you plan to continue using the Native flow, I'd recommend using something like the code above.



Edit: It looks like Concur may be in the process of rolling out new OAuth capabilities as I type. Some of their docs have changed since I first started writing this, and it looks like they may have new endpoints for authorizing / getting new tokens.



Edit 2: Concur has indeed rolled out new OAuth functionality since you started the thread, and I believe it may clear up the issues you've been experiencing. Most importantly, it looks like they no longer want special headers.



Take a look at Concur Developer Portal | Authentication for more info. They appear to now fully support Authorization Grant, Password Grant and Client Credential flows.



The workaround I posted above should still work, but I'd recommend reconfiguring your Application Registry entry based on the most recent documentation. I believe your code will start working.


View solution in original post

5 REPLIES 5

Go to solution
bryanbarnard
ServiceNow Employee
ServiceNow Employee

‎11-03-2016 08:56 AM

Hey Steven,



Does the application you are connecting to require the consumer key to be included in the request to get an oauth token (seems that way from your code sample) or is the consumer key required to be sent as an additional header along with bearer oauth token header in requests the applications API?



Is this system public and does it provide docs I could take a look at?





-Bryan


0 Helpfuls

Go to solution
Steve Socha
Tera Guru
In response to bryanbarnard

‎11-03-2016 10:00 AM

Hi Bryan,



The X-ConsumerKey is only required when OAuth is granted. The integration I am working on is to Concur, an expense management system. Here is the API Documentation: Concur Developer Portal | API Reference .



Thanks!


Steve


0 Helpfuls

Go to solution
josh_nerius
ServiceNow Employee
ServiceNow Employee
In response to Steve Socha

‎11-04-2016 10:59 AM

Hi Steven,



I'm working on replicating this on my side and have two quick questions:



1. Which Concur Authentication flow are you using? Native/Web?


2. Can you share how the OAuth provider record is configured in your ServiceNow instance (everything minus Client ID/Secret)



Thanks!


0 Helpfuls

Go to solution
Steve Socha
Tera Guru
In response to josh_nerius

‎11-04-2016 11:21 AM

Hello Josh,



On the application registry, I am following the Native flow.



Here is the XML of my application registry file. I have removed the Client Secret and ID. Note that I have tried multiple combinations of Default Grant Type and OAuth API Script. Does there appear to be a problem with the setHead() function?



<xml>


<oauth_entity>


<access>public</access>


<access_token_lifespan>1800</access_token_lifespan>


<active>true</active>


<auth_code_lifespan>0</auth_code_lifespan>


<auth_url>


https://www.concursolutions.com/net2/oauth2/Login.aspx


</auth_url>


<certificate_url/>


<client_id></client_id>


<client_secret>   </client_secret>


<client_uuid>   </client_uuid>


<comments/>


<default_grant_type>authorization_code</default_grant_type>


<id_token_lifespan>0</id_token_lifespan>


<logo_url/>


<message_signature_lifespan>0</message_signature_lifespan>


<name>Concur November</name>


<oauth_api_script display_value="OAuthUtil">3e3a3a11c333210016194ffe5bba8f70</oauth_api_script>


<redirect_url>https://dev24044.service-now.com/oauth_redirect.do</redirect_url>


<refresh_token_lifespan>8640000</refresh_token_lifespan>


<revoke_token_url>


https://www.concursolutions.com/net2/oauth2/revoketoken.ashx


</revoke_token_url>


<salt>0</salt>


<sys_class_name>oauth_entity</sys_class_name>


<sys_created_by>admin</sys_created_by>


<sys_created_on>2016-10-31 16:30:35</sys_created_on>


<sys_customer_update>true</sys_customer_update>


<sys_id>1a0b2475db322200422859d0cf96194c</sys_id>


<sys_mod_count>47</sys_mod_count>


<sys_name></sys_name>


<sys_package display_value="Global" source="global">global</sys_package>


<sys_policy/>


<sys_replace_on_upgrade>false</sys_replace_on_upgrade>


<sys_scope display_value="Global">global</sys_scope>


<sys_update_name>oauth_entity_1a0b2475db322200422859d0cf96194c</sys_update_name>


<sys_updated_by>admin</sys_updated_by>


<sys_updated_on>2016-11-04 18:14:49</sys_updated_on>


<token_url>


https://www.concursolutions.com/net2/oauth2/accesstoken.ashx


</token_url>


<type>oauth_provider</type>


<user/>


</oauth_entity>


</xml>


0 Helpfuls