OAuth where ServiceNow provides bearer token with custom claims to external API
2 hours ago
Hi, I'm wondering if this scenario is supported and, if it is, how it can be done.
I have a ServiceNow instance which calls an external API to retrieve data from an on-premise system. The ServiceNow instance contains information on what the user can access and I want to provide that information as part of the "claims" in a bearer token to the external API.
Ideally ServiceNow would generate the token with the custom claims added and send an outbound REST message to the external API. The API validates the token, extracts the custom claims and returns the relevant resources. I'm trying to avoid a separate (external) OAuth provider as ServiceNow holds the information I need.
I have a proof of concept working where ServiceNow will send an internally generated bearer token to the external API via an outbound REST message, but it's not clear how custom claims can be implemented. I've tried setting up a JWT Provider that's referenced in the OAuth profile of the outbound REST message, but the bearer token does not change (no custom claims).
Thanks, Aaron
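The API-side half of the flow described in the post (validate the token, then extract the custom claims), as an added example that is not part of the original post and not ServiceNow code. It assumes an RS256-signed JWT, a hypothetical custom claim named `allowed_resources`, and constructed issuer/audience values; `issueToken` is only a local stand-in for whatever signs the token.

```javascript
// Added example: API-side validation of an RS256 bearer token carrying a custom claim.
const nodeCrypto = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');

// Local stand-in for the issuer (ServiceNow in the post); hypothetical helper.
function issueToken(privateKey, claims) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Returns the custom claim only after alg, signature, iss, aud and exp all check out.
function validateToken(token, publicKey, policy, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8')) ?? {};
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8')) ?? {};
  } catch {
    throw new Error('malformed token');
  }
  // Pin the algorithm on the API side; never let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!nodeCrypto.verify('sha256', signed, publicKey, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  // Claims are trusted only from here on, after the signature has verified.
  if (claims.iss !== policy.issuer) throw new Error('wrong issuer');
  if (claims.aud !== policy.audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  const access = claims[policy.claimName];
  const wellFormed = Array.isArray(access) && access.every((x) => typeof x === 'string');
  if (!wellFormed) throw new Error('missing custom claim');
  return access;
}

// Constructed sample values (key pair, issuer, audience and claim name are assumptions).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const policy = { issuer: 'https://instance.example', audience: 'onprem-api', claimName: 'allowed_resources' };
const sampleClaims = { iss: policy.issuer, aud: policy.audience, sub: 'user-1',
  exp: Math.floor(Date.now() / 1000) + 300, allowed_resources: ['site-a', 'site-b'] };
const sampleToken = issueToken(privateKey, sampleClaims);
console.log(validateToken(sampleToken, publicKey, policy));
```

The API holds only the public key, so it can verify the claims but cannot mint or alter them.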
