managing oAuth client secret expiry
11-13-2023 06:50 PM - edited 11-13-2023 06:52 PM
Hi,
We have a few integrations where the oAuth client secret needs to be changed on a regular basis (e.g. some every 6 months, another is every 12 months). There does not appear to be a ServiceNow-provided method to manage this.
Is anyone aware of ServiceNow functionality to do this?
In absence of an OoTB solution, I was thinking of the following:
- custom fields on the oauth_entity table
  - Client Secret Expiry behaviour [choice: None, Expires]
  - Client Secret duration [Integer]
  - Client Secret expiry date [date field, calculated when client secret changes]
  - Notify on Expiration [Glidelist on sys_user]
  - Warn in days to expire [integer]
- Notifications triggered
  - when current date = client secret expiry date less Warn in days to expire value
  - when current date = client secret expiry date less 2 days
  - when current date = client security expiry date plus one day
any thoughts?
thanks,
Steve
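The notification schedule proposed in the post above, sketched in plain JavaScript as an added example (not part of the original post and not ServiceNow code). The property names are hypothetical stand-ins for the proposed custom fields, the duration is assumed to be in days, and the last-run window is an addition that goes beyond the post's exact-date match so that a skipped scheduled run does not silently drop a warning.

```javascript
// Added example. Property names are hypothetical stand-ins for the custom
// fields proposed in the post; the duration is assumed to be in days.
const DAY_MS = 24 * 60 * 60 * 1000;

// Whole days since the epoch, in UTC, so time-of-day never shifts a trigger.
function utcDay(d) {
  return Math.floor(d.getTime() / DAY_MS);
}

// Expiry date = day the secret was last changed + duration.
function expiryDate(rec) {
  return new Date((utcDay(rec.secretChangedOn) + rec.durationDays) * DAY_MS);
}

// The three trigger days from the post, relative to the expiry date.
function triggerDays(rec) {
  const exp = utcDay(expiryDate(rec));
  const triggers = [
    { stage: 'final_warning', day: exp - 2 },
    { stage: 'expired', day: exp + 1 },
  ];
  // A configurable warning at or inside the 2-day mark would only duplicate it.
  if (rec.warnDays > 2) triggers.unshift({ stage: 'warning', day: exp - rec.warnDays });
  return triggers;
}

// Stages whose trigger day falls after the last run and up to today.
function notificationsDue(rec, lastRun, today) {
  if (rec.expiryBehaviour !== 'Expires') return [];
  const from = utcDay(lastRun);
  const to = utcDay(today);
  return triggerDays(rec)
    .filter((t) => t.day > from && t.day <= to)
    .map((t) => t.stage);
}

// Constructed sample record: secret changed on 2023-11-13, 180-day lifetime.
const sample = {
  expiryBehaviour: 'Expires',
  secretChangedOn: new Date('2023-11-13T18:50:00Z'),
  durationDays: 180,
  warnDays: 30,
};

console.log(expiryDate(sample).toISOString().slice(0, 10));
console.log(notificationsDue(sample, new Date('2024-05-08T02:00:00Z'), new Date('2024-05-12T02:00:00Z')));
```

With a daily run, `lastRun` is simply the previous day, which reduces to the "current date =" conditions in the post.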
11-13-2023 07:25 PM
Hi @stevemac
Some time back, we were also searching for something similar and ended up with a similar solution to the one you were planning.
You can use the oauth_credential (System oAuth -> Manage Tokens) table to get the type of the token and its expiry date (you can utilise this to avoid at least a few custom fields).
And ServiceNow has a KB which talks about automation to get the Refresh Tokens if the existing one expires.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0823628
I tried this with not much luck.
Please mark my answer helpful and accept as solution if it helped 👍✅
Anvesh
11-16-2023 01:50 AM
Thanks Anvesh.
Token expiry is not the issue here and we are (mostly) ok with refresh token renewal.
The issue I need to solve is the regular change of the client secret so we adhere to internal standards.