How to retrieve credentials in Flow Designer REST step?

rcz
Giga Contributor

‎04-28-2021 01:23 AM

Hi,

I'm authenticating with a JSON-RPC 2.0 API (Zabbix) inside a Flow Designer Action.

To get an API token, I currently use a REST step to submit username and password to the API:

# POST /api_jsonrpc.php
{
  "jsonrpc": "2.0",
  "method": "user.login",
  "params": {
    "user": "ServiceNow",
    "password": "password"
  },
  "id": 1
}

This works fine. But I would like to avoid hardcoding the credentials in the script or supply them as an input to the whole Action.

I do use a Connection Alias. With other authentication methods, you can attach credentials to the alias, but this is not available for JSON-RPC authentication.

Is there another way to retrieve credentials inside the request body?

Thanks!

0 Helpfuls
  • 3,436 Views
8 REPLIES 8

Geoff_T
Mega Sage
In response to Ty7

‎06-12-2021 04:29 AM

Hi Ty, 

The type should be specified on the pill; I believe it is a password 2 type. So you would need to decrypt it using a short script like:

 

var myPassword = inputs.password; 

var encr = new GlideEncrypter();
var decrString = encr.decrypt(myPassword);
gs.info(decrString); // decrypted password

 

Geoff

 

 

0 Helpfuls

Sagar Ahire1
Giga Expert

‎04-28-2021 02:49 AM

Hi,

Hope this link will help you.

https://community.servicenow.com/community?id=community_article&sys_id=e46b662ddbec941023f4a345ca961...

 

Please mark it as helpful/correct if it helps you.

Thanks

0 Helpfuls

rcz
Giga Contributor
In response to Sagar Ahire1

‎04-28-2021 04:08 AM

This also has hardcoded credentials.

0 Helpfuls

DanBye_KA2
Tera Contributor

‎04-19-2024 06:17 AM - edited ‎04-19-2024 06:21 AM

So, I had this issue and I spoke to Support, who suggested "its not a natural way to use password2 fields" From my own assumptions, the field is not being decrypted on the fly so it sends the encoded gibberish, which is the wrong value.

 

So, yes you seem to have to decrypt the value in a script step before using it in the body

 

(function execute(inputs, outputs) {
var grsBAC = new GlideRecordSecure('basic_auth_credentials');
if (grsBAC.get('name', '<YOUR_CREDENTIAL_NAME>')) {
var sPassword = grsBAC.getElement('password').getDecryptedValue();
outputs.plain_text = sPassword;
}
})(inputs, outputs);
**remember to set the output value at the bottom of the script step
 
Then use "plain_text" in your body.
 
***NB: As of Washington, there is an extra requirement to enable access to the Decrypter, you'll need to set up a system access KMF record ( I wont go through the entire process) but check this:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1112530
 
Good luck!
 
0 Helpfuls