oAuth for Scripted REST API

attanhes
Tera Guru

‎05-05-2024 10:58 PM - edited ‎05-05-2024 11:11 PM

I've configured a scripted REST API endpoint to integrate with our internal "Success Factor" application to create Service Request via integration, this works as expected with basic authentication.

However, our internal security team has requested the integration be fortified with OAuth 2.0. In response, I've generated a new client ID and Client Secret within ServiceNow's Application Registry to enhance the security of these configurations.

 

I've conducted testing of the integration using Postman, following numerous online tutorials link . However, I'm still uncertain about the precise information I should share with the Success Factor admin. Is providing the client ID, Client Secret, and the existing username/password credentials sufficient? Or should I update my script or update any other configuration to incorporate this client ID and Clinet secret in the system?

 

 

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {

    var reqbody = request.body.dataString;

    try {
        var parser = new global.JSON();
        var parsedData = parser.decode(reqbody);

        var FirstName = parsedData.v_person_leaving_fn;
        var linemanager = parsedData.v_line_manager;
        var SurName = parsedData.v_person_leaving_sn;
		var Dateleaving = parsedData.v_date_leaving;
		var EmpType = parsedData.v_offboarding_employment_type;

        
        // Log the parsed data
        gs.log("Parsed Data: " + JSON.stringify(parsedData));
		
		var cartId = GlideGuid.generate(null);
        var cart = new Cart(cartId);

        // Query the sys_user table to get the requested for user details
        var grUser = new GlideRecord('sys_user');
        //grUser.addQuery('user_name', linemanager); // Assuming linemanager is the username
		grUser.addQuery('name', linemanager); // Assuming linemanager is the username
        grUser.query();
        if (grUser.next()) {
            var linemanagerSysId = grUser.sys_id.toString(); // Get the sys_id of the user
        }

        var item = cart.addItem('ca9a27141bbcc2102a2eedb7b04bcb0f', 1);

        // Set the variables on the request item form
		cart.setVariable(item, "v_person_leaving_fn", FirstName);
		cart.setVariable(item, "v_person_leaving_sn", SurName);
        cart.setVariable(item, "v_line_manager", linemanagerSysId); // Set the sys_id of the user
        cart.setVariable(item, "v_date_leaving", Dateleaving);
		cart.setVariable(item, "v_offboarding_employment_type", EmpType);
       

        var rc = cart.placeOrder();
        var reqNumber = rc.number;

        // Update the "Requested For" field on the REQ record
        var reqRecord = new GlideRecord('sc_request');
        if (reqRecord.get('number', reqNumber)) {
            reqRecord.setValue('requested_for', linemanagerSysId); // Set the sys_id of the user
            reqRecord.update();
        }

	// Log the request number
        gs.log("Request Number: " + reqNumber);

        // Fetch the RITM number for response
        var ritm = new GlideRecord('sc_req_item');
        ritm.get('request.number', reqNumber);
        var ritmNumber = ritm.number;

        gs.info("RITM Number: " + ritmNumber);
        //gs.log("Test"); // Add any additional logging here if needed

        var res = {};
        res["status"] = "Success";
        res["requestNumber"] = reqNumber;
        res["requestItemNumber"] = ritmNumber;
        response.setBody(res);
    } catch (ex) {
        // Log any errors
        gs.error("Error: " + ex.message);

        var res = {};
        res["status"] = "Error";
        res["message"] = ex.message;
        response.setBody(JSON.stringify(res));
        response.setStatus(500);
    }

})(request, response);

 

 

 

0 Helpfuls
  • 1,879 Views
3 REPLIES 3

Maik Skoddow
Tera Patron
Tera Patron

‎05-06-2024 12:41 AM

Please refer to the following great video to understand what you have to configure: https://www.youtube.com/watch?v=gqqA99rKBJU 

attanhes
Tera Guru
In response to Maik Skoddow

‎05-06-2024 02:03 AM

I have checked the same video and liked to the ddescription as well of this post. I  learned a lot from these videos, but still unclear what I should share with the Success Factor admin.

0 Helpfuls

Randheer Singh
ServiceNow Employee
ServiceNow Employee
In response to attanhes

‎05-06-2024 03:04 AM

Hi @attanhes ,
SuccessFactors support OAuth SAML bearer grant type.
Please refer to this document to configure outbound authentication with SuccessFactors.

On a high level, you have to upload a keystone on the ServiceNow instance and generate the SAML assertion. This SAML Assertion will be sent to SuccessFactors. They will validate the assertion using the public key provided by you. Upon successful validation, they will issue access/refresh tokens to your client.

Thanks,

Randheer

0 Helpfuls