Outbound HTTP REST (oAuth) query fails

andrewrump · ‎05-08-2017

Hi

I am currently developing a data retrieval module which first connect to an oAuth REST service to obtain a token which I then use to make a SOAP request - unfortunately ServiceNow does not support using oAuth with SOAP so I have to program it myself.

I have problems getting an access token using https://api.cisco.com/pss/token - it complains that the client is invalid.

I can get it to work using curl:

curl -d "grant_type=client_credentials&client_id=7f…vv&client_secret=Na…Qc" https://api.cisco.com/pss/token

But when I try to do the same thing inside ServiceNow with the following code:

var sm = new sn_ws.RESTMessageV2();

sm.setEndpoint('https://api.cisco.com/pss/token');

sm.setHttpMethod('post');

sm.setQueryParameter('grant_type', 'client_credentials');

sm.setQueryParameter('client_id', '7f…vv');

sm.setQueryParameter('client_secret', 'Na…Qc');

var response = sm.execute();

I get the following responses:

response.getStatusCode() returns: 401
response.getErrorMessage() returns: Method failed: (/pss/token/) with code: 401 - Invalid username/password combo
response.getBody() returns: {"error":"invalid_client"}

I tried to add sm.setRequestHeader('Accept', 'application/json'); before performing the execute() but that also did not make any difference.

I've tried using GlideHTTPRequest() and get the same result.

What am I doing wrong?

Best regards

Andrew Rump

BusinessNow

josh_nerius · ‎05-15-2017

Hi andrewrump,

I think this is happening because of how you're adding the parameters to the request. setQueryParameter adds the parameters to the URI, not the body of the request.

Instead, try constructing a body using something like this:

var bodyString = '';

bodyString += 'grant_type=client_credentials';

bodyString += '&client_id=' + gs.urlEncode(clientId);

bodyString += '&client_secret=' + gs.urlEncode(clientSecret);


sm.setRequestBody(bodyString);

See https://developer.servicenow.com/app.do#!/api_doc?v=istanbul&id=r_RMV2-setRequestBody_String_body for more info.

You may be able to get away with just constructing the string without gs.urlEncode(), it just depends on what characters my be present in those values.

andrewrump · ‎05-16-2017

Unfortunately I get exactly the same response from the server as in all my other attempts!?!

var sm = new sn_ws.RESTMessageV2();

sm.setEndpoint('https://api.cisco.com/pss/token');

sm.setHttpMethod('post');

var bodyString = '';

bodyString += 'grant_type=client_credentials';

bodyString += '&client_id=' + gs.urlEncode('7f...vv');

bodyString += '&client_secret=' + gs.urlEncode('Na...Qc');

sm.setRequestBody(bodyString);

var response = sm.execute();

gs.log('StatusCode: ' + response.getStatusCode(), BNOW);

gs.log('ErrorMessage: ' + response.getErrorMessage(), BNOW);

gs.log('Body: ' + response.getBody(), BNOW);

But Thanks for trying

josh_nerius · ‎05-16-2017

Interesting. To get to the bottom of this, I'd recommend taking the following steps.

Create a mockbin endpoint
Update your curl command to hit this endpoint (use fake Client ID/Secret for security)
Update your ServiceNow call to also hit this endpoint (use fake Client ID/Secret for security)
Compare the payloads on the mockbin side and determine if there are any differences

I'm guessing there is some minor difference between the requests that needs to be accounted for.

If you're not familiar with mockbin, it's a free testing tool that allows you to create "dummy" endpoints for the purpose of examining the requests made by API clients. This should allow to compare the requests and identify any differences.

Hopefully this uncovers something useful.

andrewrump · ‎05-18-2017

Unfortunately it does not appear to support https which I suspect is the problem here as I can get http requests to work.