OAuth with authorization_code approach fails everytime

Nuno Donato · ‎09-07-2022

Hi folks

I've bumped into walls for 2 days straight trying to figure this out, and I'm out of clues!

Been trying to integrate an app with service now rest api using OAuth. Most guides and tutorials (as well as forum questions) use the username+password approach to authenticate, which also works for me. But I need to use the autorization_code approach and not username+password.

I've reviewed the code and the flow countless times and I can't find the flaw. After authenticating and being redirected back to the given url, the last call to get the token keeps failing with "access_denied"

I even went back to postman to have a really manual approach to what is being sent and make sure nothing is missing. Like I said, the first part works fine, but the 2nd call after getting the code is what fails. This is what it looks like

this is what I get

I've also verified that OAuth plugin is installed and active. I couldn't find any other configs to check... is there something I still need to enable?

thanks very much, I'm really tired of trying...

Tony Chatfield1 · ‎09-07-2022

Hi, when requesting an auth token from ServiceNow instance you need to pass in these values

grant_type: 'password'
client_id: from your instance Application registry record
client_secret: from your instance Application registry record
username: the instance user account being used to authenticate (nominally an integration specific account)
password: the user accounts password

jasongb · ‎12-02-2022

The original post asked about the authorization_code grant type, which ServiceNow documentation purports to support. Changing to a different grant type does not solve the problem.

jasongb · ‎12-02-2022

The documentation indicates that ServiceNow supports the 'authorization_code' grant type. I am trying to work with the Splunk integration for ServiceNow, which uses the 'authorization_code' grant type.

We are limited to using local accounts for integrations. Our team requires that service accounts interacting with the REST API must be local accounts.

I am using Postman to test the authorization_code grant type. If I use the ServiceNow UI to authenticate with my Windows credentials (through the 'external logon' option), I can complete the authorization code workflow. If I use the ServiceNow UI to authenticate with the local account our ServiceNow team has provided, I receive an HTTP 401 response when I try to retrieve my token.

How can I configure ServiceNow to support the authorization code workflow for local ServiceNow accounts?

Tony Chatfield1 · ‎12-03-2022

If you are able to complete your authentication process using your own ServiceNow login credentials, but not those provided for the integration account then I would suspect that the integration account is not configured correctly in ServiceNow or the details you have been provided are incorrect, and would suggest that you go back to your local ServiceNow team.