Integrating Microsoft Graph with Service Portal through oAuth

Jordan Rose1
Kilo Expert

I am trying to integrate SharePoint as a document repository for my Service Portal application. To do this, I need to interface with the Microsoft Graph API to download and upload documents to SharePoint. I am able to connect and receive data through REST Messages from ServiceNow to Microsoft, but I cannot set up authentication properly for the user in Service Portal.

I tried using this single page application method for an example https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-spa but after getting a login pop-up and authenticating, I can't return the token back to my application and do anything with it.  

Any help getting the redirect/token flow working properly through a Service Portal widget would be much appreciated.

Thanks

3 REPLIES 3

Pratiksha Kalam
Kilo Sage

Hi,

First, check out: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

In part 3 there's a tip to get admin consent - THIS IS NEEDED and requires an Azure administrator!

https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions

The above link is a sample link

client_id is the ID of the app and redirect_uri is the EXACT same redirect URL as "Redirect URLs" in the app
Edit the link and hit enter - login with an admin account to grant the app the proper rights - so far so good!

Now

Create an outbound POST (REST message)

  • End point: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is either an ID or domain)
  • Authentication type is "No Authentication"
  • Content-Type is "application/x-www-form-urlencoded"

Actually, that's it for the Web service setup.

Now when calling the method you need to find some info to parse in the http header

Now,

  • client_id is the client id from the app registered
  • client_secret is the password generated in the app
  • scope is static "https%3A//graph.microsoft.com/.default"
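  • grant_type is static "client_credentials"

(function(){

	// 'MS Graph token' is the REST message and 'Token' its POST method, as set up above
	var r = new sn_ws.RESTMessageV2('MS Graph token', 'Token');
	// Form-encoded body for the client_credentials grant
	r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();

	// Stop on a failed token request instead of parsing an error body
	if (httpStatus != 200) {
		gs.print('Token request failed, HTTP status ' + httpStatus);
		return;
	}
	var resp = JSON.parse(responseBody);

	// Test output only: the access token is a credential and should not be written to logs
	gs.print('access token ' +resp.access_token);

})();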

The above script, when given the right information, should return the following

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV...."}

The access token is extremely long

Hope this helps others if they want to play with MS Graph

 

If my reply helps you at all, I’d really appreciate it if you click the Helpful button and if my reply is the answer you were looking for, it would be awesome if you could click both the Helpful and Accepted Solution buttons.

Regards,

Pratiksha

This worked fine. Thanks for your Post.

To parse the JSON I used:

var parser = new JSONParser();
var result = parser.parse(responseBody);
accessToken = result.access_token;

Regards

Nandan.
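
As an added example (not part of the original posts), the token request body and the response handling discussed in this thread can be written as plain JavaScript helpers that percent-encode every parameter, check the reply before using it, and keep the token out of logs. The function names and sample values are hypothetical; the code has no ServiceNow dependencies, so the HTTP call itself stays with RESTMessageV2 as in the script above.

```javascript
// Added example: helper names are hypothetical, sample values are constructed.

// Build the application/x-www-form-urlencoded body for the client_credentials
// grant. Every value is percent-encoded, so a client secret containing
// '&', '=' or '+' cannot corrupt the body or add extra parameters.
function buildTokenRequestBody(clientId, clientSecret) {
  var params = {
    client_id: clientId,
    client_secret: clientSecret,
    scope: 'https://graph.microsoft.com/.default',
    grant_type: 'client_credentials'
  };
  return Object.keys(params).map(function (k) {
    return encodeURIComponent(k) + '=' + encodeURIComponent(params[k]);
  }).join('&');
}

// Validate the token endpoint reply before using it. Returns the token and the
// time (ms since epoch) after which a new one should be requested, 60 seconds
// before expires_in runs out.
function parseTokenResponse(httpStatus, responseBody, nowMs) {
  if (httpStatus !== 200) {
    throw new Error('Token request failed with HTTP ' + httpStatus);
  }
  var resp = JSON.parse(responseBody);
  if (resp.token_type !== 'Bearer' || typeof resp.access_token !== 'string' ||
      !resp.access_token || !(resp.expires_in > 0)) {
    throw new Error('Unexpected token response shape');
  }
  return {
    accessToken: resp.access_token,
    refreshAfterMs: nowMs + Math.max(resp.expires_in - 60, 0) * 1000
  };
}

// Form suitable for log lines: a short prefix and the length, never the
// bearer token itself.
function redactToken(token) {
  return token.slice(0, 6) + '...[' + token.length + ' chars]';
}
```

The returned `refreshAfterMs` lets a caller reuse one token until shortly before it expires instead of requesting a new one for every Graph call.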

Fredrik Larsson
Tera Contributor

Hi, did you make this work? I'm trying to build a few Outlook calendar widgets, but having trouble setting up the Azure connection