Only admins can make REST API calls with OAuth 2.0 Authorization code grant type

rohanlimaye
Tera Expert

Hi,

I have configured OAuth 2.0 to connect with a third-party OAuth provider. I can successfully get access and refresh tokens when I click the 'Get OAuth Token' link from the REST message.

I have written a business rule on the Incident table to trigger the same REST message mentioned above. It triggers successfully for admin accounts, but if I impersonate a user with non-admin roles, the REST message does not execute.

Have you come across such a scenario? Can you please help me with this issue?

 

1 ACCEPTED SOLUTION

Hi Rohan,

Are you able to get the OAuth access token with the non-admin user session?

The ACL on the oauth_credential table might be causing this issue. Try adding a read ACL on the table and provide the role who needs this access to call and you should be able to test it.

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur


5 REPLIES

SanjivMeher
Kilo Patron

Can you post your business rule?

Are you passing the client secret and token while sending your request?


Please mark this response as correct or helpful if it assisted you with your question.

rohanlimaye
Tera Expert

Please see the attached script include, which triggers the REST message. My business rule calls this script include on Incident update.

When I put log statements, they run till r.executeAsync() but get stuck at this line.

Does the user making the REST call need to have read access to the oauth_credential table? That is the only place where I can see roles coming into the picture, where admins can access the data in the table and others can't.

As I suspected, it is the read ACL on the oauth_credential table not allowing non-admin users to read the access or refresh token, hence failing to make the REST API call.