GlideOAuthClientRequest cannot be sent with Header?

Steve Socha · ‎11-01-2016

Hello community!

An integration that I am working on requires the use of OAuth2 and an access_token. I hope to use the new GlideOAuthClient methods for this provisioning. The application I am connecting to requires a Consumer Key be included as a header of the authentication call. I have tried to use the setHead() function included in GlideOAuthClientRequest, but it is not working. I have also tried renaming the function to setHeader() (which is auto-suggested in the IDE), but this brings the same result.

Calling the getHeaders() or getHeader(id) does not return the recently added message, so I suspect that the function is failing. Has anyone encountered something similar when working with these libraries? Is there something else that should be added to the function?

I have included a background script version of my code below (with values changed). This script was adapted from the helpful test script in This Blog Article

var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenRequest = new sn_auth.GlideOAuthClientRequest();
tokenRequest.setGrantType("password");
tokenRequest.setUserName("user_id");
tokenRequest.setPassword("password");
tokenRequest.setScope(null);
gs.log("Headers beforehand are " + tokenRequest.getHeaders()); //Returns [Object object]
tokenRequest.setHead('X-ClientKey','XxXxXxXxXxXxX');
gs.log("Headers afterward are " + tokenRequest.getHeaders()); //Returns [Object object]
gs.log("Header should be " + tokenRequest.getHeader('X-ConsumerKey')); //Returns Null
var tokenResponse = oAuthClient.requestTokenByRequest('Integration Entry on Application Registry', tokenRequest);
var token = tokenResponse.getToken();
gs.log("RESPONSE = " + tokenResponse.getBody()); //Response = You must provide your Consumer Key in an X-ClientKey header
gs.log("AccessToken:" + token.getAccessToken()); // Prints null
gs.log("AccessTokenExpiresIn:" + token.getExpiresIn()); // Prints null
gs.log(" RefreshToken:" + token.getRefreshToken()); // Prints null
//You should be getting proper Access Token long with Refresh Token info. This token will be used in future web service request.

josh_nerius · ‎11-09-2016

Hi Steven,

It looks like Concur has not implemented OAuth2 quite to spec, and this is causing some issues.

I was able to get a token using Native flow just using RESTMessageV2 instead of using the OAuth Client Libraries in ServiceNow. Example:

var rm = new sn_ws.RESTMessageV2();

rm.setHttpMethod('GET');

rm.setEndpoint('https://www.concursolutions.com/net2/oauth2/accesstoken.ashx');

rm.setBasicAuth('myuser@domain', 'mypassword');

rm.setRequestHeader('X-ConsumerKey', 'myConsumerKey');


var response = rm.execute();

var body = response.getBody();


gs.debug(response.getBody());

Output >>>

<Access_Token>

<Instance_Url>https://www.concursolutions.com/</Instance_Url>

<Token>RemovedForSecurity</Token>

<Expiration_date>11/4/2017 6:52:15 PM</Expiration_date>

<Refresh_Token>RemovedForSecurity</Refresh_Token>

</Access_Token>

I'm investigating the setHead method now, but if you plan to continue using the Native flow, I'd recommend using something like the code above.

Edit: It looks like Concur may be in the process of rolling out new OAuth capabilities as I type. Some of their docs have changed since I first started writing this, and it looks like they may have new endpoints for authorizing / getting new tokens.

Edit 2: Concur has indeed rolled out new OAuth functionality since you started the thread, and I believe it may clear up the issues you've been experiencing. Most importantly, it looks like they no longer want special headers.

Take a look at Concur Developer Portal | Authentication for more info. They appear to now fully support Authorization Grant, Password Grant and Client Credential flows.

The workaround I posted above should still work, but I'd recommend reconfiguring your Application Registry entry based on the most recent documentation. I believe your code will start working.

View solution in original post

josh_nerius · ‎11-09-2016