- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
â07-25-2019 11:48 AM
I am setting up an integration between SharePoint 2013 and ServiceNow. I will be issuing inbound REST requests FROM SharePoint TO ServiceNow using the out-of-box Table REST API provided by ServiceNow. I would like to authorize the request using OAuth, specifically the Client Credentials grant type (in which a client ID and secret are used to get the access token).
Let's assume I have gone to the Application Registry, clicked "Create an OAuth API endpoint for external clients" and proceeded to register my SharePoint application and get a client ID and secret.
My question is in regards to how I will issue the request to get the access token. The ServiceNow London documentation states that the Client Credentials grant type is supported, however I cannot find an example in the documentation of issuing the request for the access token using this grant type. I am assuming I should be able to issue a request for the token with JUST the client ID and secret attached and no user credentials. But the only examples I can find are for the Password and Token Refresh grant types (here's one example and another). The Password grant type requires the client ID and secret, as well as a username and password be sent, which is not what I would like to do. Either these pages haven't been updated since support for more grant types was added, or I'm misinterpreting how this is supposed to work.
Would it be as simple as removing the username and password parameters from the requests in the examples and changing "grant_type" to "client_credentials"?
Also, once you get the access token, how does ServiceNow determine what access rights the client application is authorized for? My understanding is that the access token will not be associated with any specific user, but rather to the registered client application (SharePoint). I need to do simple CRUD operations on a request table (create, read, and update). Will I be able to do this using the Client Credentials grant type? What else will the client application be able to do? Is this configurable?
Solved! Go to Solution.
- Labels:
-
Integrations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
â07-26-2019 09:43 AM
Hi,
I did not come across such scenario where OAuth access token is used with other grant_type other than password
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.
This is typically used by clients to access resources about themselves rather than to access a user's resources.
https://oauth.net/2/grant-types/client-credentials/
The Client Credentials grant type is not supported for inbound OAuth in ServiceNow. In ServiceNow, every session is bound to a user, and that user's roles are used to determine what the user should have access to. Client Credentials is not compatible with that model.
Hope this helps
Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
⨠Certified Technical Architect || ⨠9x ServiceNow MVP || ⨠ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
â07-25-2019 08:42 PM
Hi,
So first step is to hit this endpoint to get the access token
https://dev17945.service-now.com/oauth_token.do
POST Method:
using following in body of the request
grant_type -> password
client_id -> your client id
client_secret -> your client secret
username -> user id in snow
password -> password in snow
content-type -> application/x-www-form-urlencoded
then once you get the access token hit the actual endpoint with header as
Bearer <accessToken>
Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
⨠Certified Technical Architect || ⨠9x ServiceNow MVP || ⨠ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
â07-26-2019 09:26 AM
Ankur, your example is the same as the ones I linked - it uses the PASSWORD grant type which requires the credentials of a specific ServiceNow user to be passed in, in addition to the client ID and secret. I am asking if there is a way to issue a request using the CLIENT CREDENTIALS grant type instead, which does NOT require a username/password of a user to be sent but just the client ID and secret. As stated in my post, the ServiceNow London documentation indicates it supports this grant type.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
â07-26-2019 09:43 AM
Hi,
I did not come across such scenario where OAuth access token is used with other grant_type other than password
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.
This is typically used by clients to access resources about themselves rather than to access a user's resources.
https://oauth.net/2/grant-types/client-credentials/
The Client Credentials grant type is not supported for inbound OAuth in ServiceNow. In ServiceNow, every session is bound to a user, and that user's roles are used to determine what the user should have access to. Client Credentials is not compatible with that model.
Hope this helps
Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
⨠Certified Technical Architect || ⨠9x ServiceNow MVP || ⨠ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
â02-06-2020 05:15 AM
