
Google Drive Spoke integration with OAuth2

Nesrine1
Tera Expert

Hello everyone, 

 

I did the integration between ServiceNow and Google Drive using the Google Drive spoke. While configuring the OAuth2 entity, I had to click the "Get OAuth Token" button so that it generates a token for me. But when copying a document to the drive, it puts me (my admin account) as the owner of the documents, and it works only with my account for generation of the token.

So my question is: how can I configure the OAuth2 entity so that it doesn't use my account but a service account? I'm leaving the company I'm working at, and if my account is inactive it won't work.

Thank you for reading.

 

Best Regards

Nesrine

5 REPLIES 5

dvucina
Tera Contributor

Hi all,

 

We had a similar problem while integrating ServiceNow with Google Cloud Pub/Sub. The issue was the same as you described: in the official documentation, the provided steps guide you through setting up OAuth2 using a personal/work Google e-mail account (Set up the Google Cloud Pub Sub Spoke) to generate the access token. We wanted to use the service_account created on the Google Cloud platform instead. At first, we tried to set it up using the JSON key file generated on Google Cloud, but with no luck. Eventually, we managed to make it work using the P12 key and JWT Provider.

Here are the steps for integrating ServiceNow with Google Cloud using the service_account and OAuth2 JWT Token:

  1. After setting up the service_account, create a new P12 key for it in the Google Cloud and download it to your machine.
  2. Log in to your ServiceNow instance and open JWT Keys, then click on the create new record button. Populate the following fields:
    • Name: e.g. Google Cloud Key
    • Signing Keystore - create a new record and upload the downloaded P12 key into it
      • Name: e.g. Google Cloud Certificate
      • Type: Java Key Store
      • Key store password: notasecret (default password generated while creating P12 key on Google Cloud - change this value if needed).
      • Active: true (default value)
    • Signing Algorithm: RSA 256
    • Signing Key: notasecret (default password generated while creating P12 key on Google Cloud - change this value if needed).
  3. Open JWT Providers, then click on the create new record button. Populate the following fields:
    • Name: e.g. Google Cloud Provider
    • Signing Configuration: pick a configuration you created in the previous step (e.g. Google Cloud Key)
    • Expiry Interval (sec): e.g. 3600 (or leave 60 - default value)
    • JWT API Script: leave empty (default)
  4. After that, open System OAuth -> Application Registry and create a new record by choosing the option "Connect to a third party OAuth Provider", then populate the following fields:
    • Name: e.g. Google Cloud JWT
    • Client ID: NotNeededForJWT
    • Client Secret: NotNeededForJWT
    • Default Grant Type: JWT Bearer
    • Refresh Token Lifespan: 8,640,000 (leave default value)
    • Token URL: https://oauth2.googleapis.com/token
    • Redirect URL: will be auto-generated
    • You can leave other fields at default values.
  5. After submitting the new Application Registry record, a new OAuth Entity Profile will be created with the same name as the registry with the suffix default_profile (e.g. Google Cloud JWT default_profile). Open it from the Application Repository related list and make sure that the Grant type is JWT Bearer. Update the JWT Provider reference and pick a record we created in step 3 (e.g. Google Cloud Provider) and then save the changes.
  6. Now we have to create a Credential record that will use the newly created application registry. Click on All and open IntegrationHub -> Connection & Credentials -> Connection & Credential Aliases, then click New.
    • Change the Type to: Credential
    • Name: e.g. Google Cloud Alias
    • Click Save and re-open this record
  7. On the newly created Connection & Credential Aliases record click the New button on the Credentials related list and then choose the option "OAuth 2.0 Credentials". Populate the following fields:
    • Name: e.g. Google Cloud Cred
    • OAuth Entity Profile: choose the profile from the step 5 (e.g. Google Cloud JWT default_profile)
    • You can leave other fields at default values
  8. On the newly created Credentials record click on the Get OAuth Token hyperlink and you should get the following message: OAuth token flow completed successfully
  9. That's it. Now you can open/create the integration Action in the Flow Designer and under the REST Step choose the Credential Alias created in step 6 (e.g. Google Cloud Alias) and the integration with the Google Cloud using the service_account should work using JWT Bearer.
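
The JWT Bearer exchange that steps 2 to 5 configure, written out as an added Node.js example (not part of the reply above and not ServiceNow's own code) so the assertion can be inspected when the "Get OAuth Token" step fails. The claim set (iss, scope, aud, iat, exp) follows Google's service-account flow; the service account e-mail, the scope and the key pair are constructed stand-ins for the real account and its P12 key.

```javascript
const crypto = require('node:crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token'; // Token URL from step 4
const b64url = (v) => Buffer.from(v).toString('base64url');

// Build and sign the assertion: RS256 as in step 2, lifetime = Expiry Interval of step 3.
function buildAssertion(privateKey, serviceAccountEmail, scope, now, expirySec) {
  if (expirySec <= 0 || expirySec > 3600) {
    // Google accepts an exp at most one hour after iat.
    throw new RangeError('expiry interval must be between 1 and 3600 seconds');
  }
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = { iss: serviceAccountEmail, scope, aud: TOKEN_URL, iat: now, exp: now + expirySec };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Form body POSTed to TOKEN_URL; no client ID or secret is involved, only the signed JWT.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// What the receiving side checks: algorithm, signature, audience and validity window.
function verifyAssertion(jwt, publicKey, now) {
  const [h, c, s] = jwt.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') return null;
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKey,
    Buffer.from(s, 'base64url'));
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  return sigOk && claims.aud === TOKEN_URL && claims.iat <= now && now < claims.exp
    ? claims : null;
}

// Constructed demo values: a throwaway key pair in place of the downloaded P12 key.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const DEMO_SA = 'spoke-demo@example-project.iam.gserviceaccount.com'; // constructed e-mail
const DEMO_SCOPE = 'https://www.googleapis.com/auth/drive'; // assumed scope for Drive
```

Because the private key alone is enough to mint tokens for the service account, the uploaded keystore and its password deserve the same handling as any long-lived credential.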