How to get access token with other instance client_id and client_secret?

Randy25
Kilo Contributor

Hi, I have registered OAuth on my devinstanceA and I can get the access token from https://devinstanceA.service-now.com/oauth_token.do.

But when I tried to get a devinstanceB access token with the devinstanceA client_id and client_secret, I got a 401 error with the message:

unauthorized_client: The client credentials provided (those of the service you are using) are either not valid or not trusted.

P.S. InstanceA and B are developer instances.

1 ACCEPTED SOLUTION

The way we have chosen to implement is to have a different Client ID/Client Secret in each environment for the same account. For example: We can create an application registry in different environments all called ABCGroup. Allow the system to generate the client secret and provide the Client ID and Client Secret to the user/group, along with the endpoints (environment specific).

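One way to apply the per-environment registration described in the accepted solution, as an added example (not code from this thread or from ServiceNow): each instance gets its own Client ID/Client Secret, and the request builder refuses to send one instance's credentials to another instance's `oauth_token.do`. The `SN_<INSTANCE>_CLIENT_ID` / `SN_<INSTANCE>_CLIENT_SECRET` variable names, the credential values and the grant fields are constructed assumptions.

```python
import os
from dataclasses import dataclass
from urllib.parse import urlencode
from urllib.request import Request


@dataclass(frozen=True)
class OAuthClient:
    instance: str        # instance name, lowercased (hostnames are case-insensitive)
    client_id: str
    client_secret: str

    @property
    def token_url(self) -> str:
        # Environment-specific endpoint: the credentials are only valid here.
        return f"https://{self.instance}.service-now.com/oauth_token.do"


def load_clients(env=os.environ) -> dict:
    """Collect one registration per instance from hypothetical SN_<INSTANCE>_* variables."""
    clients = {}
    for key, value in env.items():
        if key.startswith("SN_") and key.endswith("_CLIENT_ID"):
            name = key[len("SN_"):-len("_CLIENT_ID")]
            secret = env.get(f"SN_{name}_CLIENT_SECRET")
            if value and secret:  # skip half-configured registrations
                clients[name.lower()] = OAuthClient(name.lower(), value, secret)
    return clients


def build_token_request(clients: dict, instance: str, grant: dict) -> Request:
    """Build (not send) the token request using only the target instance's own credentials."""
    client = clients.get(instance.lower())
    if client is None:
        # Fail locally instead of trying another instance's secret and
        # getting 401 unauthorized_client back from the server.
        raise LookupError(f"no OAuth registration configured for {instance}")
    form = {**grant, "client_id": client.client_id, "client_secret": client.client_secret}
    return Request(client.token_url, data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


# Constructed sample configuration: one registration per instance.
SAMPLE_ENV = {
    "SN_DEVINSTANCEA_CLIENT_ID": "id-a", "SN_DEVINSTANCEA_CLIENT_SECRET": "secret-a",
    "SN_DEVINSTANCEB_CLIENT_ID": "id-b", "SN_DEVINSTANCEB_CLIENT_SECRET": "secret-b",
}
```

Pass the returned `Request` to `urllib.request.urlopen` to perform the call; keeping the secrets in the environment rather than in source also means a leaked script does not expose every instance's credentials.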

8 REPLIES

Can I get the access token of instanceA with the same ID and secret if I move them to instanceB? Answer: NO. Reason: the whole point of OAuth is to generate access tokens randomly based on multiple factors like client ID, client secret, authorization code, refresh token time, etc. An OAuth server should be smart enough not to generate the same access token for the same credentials. Even if it happens, chances are very, very slim and it would make man-in-the-middle attacks easy for the hacker. How to capture an OAuth registry in an update set is very well explained by chrissquiresn in the below comment. Please follow that.

When you created the Application Registry for the user, it should have been added to an update set. Navigate to Application Registry. Find the user created for OAuth. Review the versions to see which update set holds the information and migrate that, or add a comment to dirty the form, save it to a new update set and migrate that one.

The other alternative is to manually create the registry in each environment.  The downside of that is you can't just update the URL and hit oauth_token.do.  You would need to also update the Client ID/Client Secret each time you change environments. 

Hi, if I don't misunderstand the reply, the OAuth client registered in instanceA is only for instanceA to get an access token.

Can I register an OAuth client that I can use to get access tokens for different instances of different accounts?
