OAuth authorization code grant flow : Access Denied Error

kahuna_windows
Tera Contributor

ā€Ž09-17-2021 07:19 AM

Getting access denied while getting access token and refresh token from the authorization code. Please check the attached screenshot, need help if I need to enable any permissions.

No issue in getting the authorization code, the only problem is while getting the access token and refresh token using the authorization code.

 

Labels:
Preview file
253 KB
0 Helpfuls
  • 2,706 Views
11 REPLIES 11

ruchika11
Kilo Explorer
In response to palanikumar

ā€Ž09-23-2021 11:57 PM

Yes i am testing by postman so i had put the callback url as https://www.getpostman.com/oauth2/callback . But then while get access token i am getting error as "Missing redirect URL in application registration." So i tried this

Change the details bold in text below.

https://{your-instance-name}.service-now.com/oauth_auth.do?response_type=token&redirect_uri={redirec...client_id}&state={some-unique-id}&grant_type=authorization_code

 

as 

https://dev45415.service-now.com/oauth_auth.do?response_type=token&redirect_uri=https://www.getpostman.com/oauth2/callback&client_id= 9e3efb14b0e2301019233c0798466216&state=state&grant_type=authorization_code

 

but i am getting error "

unauthorized_client: The client credentials provided (those of the service you are using) are either not valid or not trusted"

on the browser.

Found the above URL from https://medium.com/@ijayakantha/service-now-everything-you-need-to-know-about-oauth-2-integration-e2af3c99c834

Thanks

0 Helpfuls

palanikumar
Mega Sage
In response to ruchika11

ā€Ž09-24-2021 12:12 AM

I can see client secret missing in this URL

Also dont sent as GET method. Use POST method and pass data in x-www.form-urlencoded tab as below screenshot

find_real_file.png

Thank you,
Palani
Preview file
35 KB
0 Helpfuls

ruchika11
Kilo Explorer
In response to palanikumar

ā€Ž09-24-2021 12:21 AM

still getting unauthorized_client: The client credentials provided (those of the service you are using) are either not valid or not trusted

0 Helpfuls

palanikumar
Mega Sage
In response to ruchika11

ā€Ž09-24-2021 12:32 AM

Can you share the actual client id and client secret you are passing as well as your instance name. I can check.

Thank you,

Palani

Thank you,
Palani
0 Helpfuls

ruchika11
Kilo Explorer
In response to palanikumar

ā€Ž09-24-2021 12:55 AM

Yes Following are the details:

POST: https://dev4545.service-now.com/oauth_auth.do

BODY: 

grant_type:password
response_type:token
redirect_uri:https://www.getpostman.com/oauth2/callback
client_id: 9e3efb14b0e2301019233c07984662
client_secret:secret
state:1
grant_type:authorization_code
username:admin
password:eUWT8chBu1d

Headers:

Content-Type:application/x-www-form-urlencoded
Accept:application/json
Cookie:BIGipServerpool_dev77946=176379914.23105.0000; JSESSIONID=FF5E7DF25A5FABB194B6E846CF27B65B; glide_user_route=glide.2eed70e2396b2a8572c2a72be38c3ae9

 

Response:

{
"error_description": "access_denied",
"error": "server_error"
}
0 Helpfuls