Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Oauth via Scheduled Job

Ashby0003
Tera Guru

‎11-22-2019 12:18 PM

Hi I've created a Application Registry to connect to our AzureAD. 

If i go to the outbound rest message and click "Get oAuth Token" i receive the token and can run the API Call; however, i'm now attempting to refresh this token and run the call via a scheduled job. I have the below script which is giving me an error. 

var tokenRequest = new   sn_auth.GlideOAuthClientRequest();
var oAuthClient = new   sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.requestTokenByRequest('{Name of Application Registry}',tokenRequest);

gs.log("Error:" + tokenResponse.getErrorMessage());
var token = tokenResponse.getToken();
gs.log("AccessToken:" + token.getAccessToken());
gs.log("AccessTokenExpiresIn:" + token.getExpiresIn());
gs.log("RefreshToken:" + token.getRefreshToken());

I ran this as a background script to more easily show the error. 

OAuthProblemException{error='invalid_request', description='AADSTS900144: The request body must contain the following parameter: 'grant_type'.
Trace ID: 1e49014c-aaf2-44f4-b2e9-b4b48f1b2c01
Correlation ID: 54debada-3483-47e6-8f1a-dea6db0bcb00
Timestamp: 2019-11-22 20:16:37Z', uri='https://login.microsoftonline.com/error?code=900144', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}
*** Script: Error:invalid_request, AADSTS900144: The request body must contain the following parameter: 'grant_type'.
Trace ID: 1e49014c-aaf2-44f4-b2e9-b4b48f1b2c01
Correlation ID: 54debada-3483-47e6-8f1a-dea6db0bcb00
Timestamp: 2019-11-22 20:16:37Z, https://login.microsoftonline.com/error?code=900144
*** Script: AccessToken:null
*** Script: AccessTokenExpiresIn:0
*** Script: RefreshToken:null

 What am i missing? the Application Registry has a grant type listed... 

 

0 Helpfuls
  • 1,431 Views
2 REPLIES 2

ARG645
Tera Guru

‎11-22-2019 01:10 PM

Try adding a grant type parameter. 

var tokenRequest = new   sn_auth.GlideOAuthClientRequest();\


tokenRequest.setParameter('grant_type', 'password');//assuming your grant type in the application registry record is of type password


var oAuthClient = new   sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.requestTokenByRequest('{Name of Application Registry}',tokenRequest);

gs.log("Error:" + tokenResponse.getErrorMessage());
var token = tokenResponse.getToken();
gs.log("AccessToken:" + token.getAccessToken());
gs.log("AccessTokenExpiresIn:" + token.getExpiresIn());
gs.log("RefreshToken:" + token.getRefreshToken());
0 Helpfuls

Ashby0003
Tera Guru
In response to ARG645

‎11-22-2019 01:36 PM

Thanks, now i got a new error to investigate. haha

 

{error='invalid_request', description='AADSTS900144: The request body must contain the following parameter: 'code'.

I'm not even sure what it'd be expecting for this.
0 Helpfuls