OAuth Provider application registry and Token URL parameter
07-29-2015 02:44 AM
I want to generate an OAuth token from a UI page/Include Script.
Under Application Registry, I created a new entry of "OAuth Provider" type.
Name: MyOAuthProvider
Client ID: someid
Client Secret: somesecret
Token URL: https://<currentinstance>.service-now.com/oauth_token.do
In Include Script:
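// Build a token request that uses the resource owner password grant
var tokenRequest = new sn_auth.GlideOAuthClientRequest();
tokenRequest.setGrantType("password");
tokenRequest.setUserName("someuser");
tokenRequest.setPassword("somepassword");
// Send the request through the "MyOAuthProvider" Application Registry entry,
// which supplies the Client ID, Client Secret and Token URL
var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.requestTokenByRequest("MyOAuthProvider", tokenRequest);
var token = tokenResponse.getToken();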
The code works fine. The problem is that the "Token URL" parameter uses the host name of the current instance. It will not work on other instances if I include "MyOAuthProvider" as an Application File in my application.
What are possible solutions to have the "Token URL" with current instance host name?
- Labels: Instance Configuration, Integrations
07-29-2015 10:31 AM
Now I see why you were asking about fix scripts.
That would have been the ideal solution for this problem. However, as you found, it's not going to work since the table prevents access from your app scope. Another problem, and a bigger issue, is that the application registry table is not configured as an application file extension. This means the new record won't even be captured in your application or an update set.
I'm not sure why these aren't application files; it seems like they should be.
Bobby Edmonds, do you have any thoughts from your security days?
07-29-2015 11:14 AM
There is a "Create Application File" which, I thought, should add the application registry record to the update set, but yes, it is missing. Also, this article, FujiForty - Update Synch, the New Way — CAVUCode, explains that
Maybe the reason why it can't be an application file is that it contains sensitive data (client_secret).
07-31-2015 02:32 PM
I believe it was an oversight that these tables are not Application Files and it's being addressed in a future release.