ServiceNow - Avepoint Integration

Praful_1968
Tera Contributor

I'm integrating ServiceNow with AvePoint. To access the AvePoint REST APIs we need to generate an access token using an X.509 certificate. The following is .NET code provided by AvePoint. Kindly suggest an alternative in JavaScript.

 

using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using IdentityModel;
using IdentityModel.Client;
using Microsoft.IdentityModel.Tokens;

var identityServiceUrl = "{https://identity.avepointonlineservices.com}";
var client = new HttpClient();

// Fetch the OpenID Connect discovery document to find the token endpoint
var disco = await client.GetDiscoveryDocumentAsync(identityServiceUrl);
if (disco.IsError)
{
    return;
}

// Client credentials grant, authenticated with a signed JWT instead of a client secret
var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = disco.TokenEndpoint,
    ClientAssertion = new ClientAssertion()
    {
        Type = OidcConstants.ClientAssertionTypes.JwtBearer,
        Value = CreateClientAuthJwt(disco)
    },
    Scope = "partner.license.read.all partner.customers.read.all"
});
if (tokenResponse.IsError)
{
    return;
}
return tokenResponse.Json;

private static string CreateClientAuthJwt(DiscoveryDocumentResponse response)
{
    var clientId = "{Client ID}";
    var certificateThumbprint = "{Certificate Thumbprint}";

    // token lifetime (exp) is set to 60 minutes
    var tokenHandler = new JwtSecurityTokenHandler { TokenLifetimeInMinutes = 60 };

    var securityToken = tokenHandler.CreateJwtSecurityToken(
        // iss must be the client_id of our application
        issuer: clientId,
        // aud must be the identity provider (token endpoint)
        audience: response.TokenEndpoint,
        // sub must be the client_id of our application
        subject: new ClaimsIdentity(
            new List<Claim> { new Claim("sub", clientId),
            new Claim("jti", Guid.NewGuid().ToString())}),
        // sign with the private key (using RS256 for IdentityServer)
        signingCredentials: new SigningCredentials(
            new X509SecurityKey(new X509Certificate2(LoadCertificate(certificateThumbprint))), "RS256")
    );
    return tokenHandler.WriteToken(securityToken);
}

private static X509Certificate2 LoadCertificate(string certificateThumbprint)
{
    // Look the certificate up by thumbprint in the local machine's personal store
    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    var vCloudCertificate = store.Certificates.Find(
            X509FindType.FindByThumbprint,
            certificateThumbprint,
            false)[0];
    return vCloudCertificate;
}

@ankurt


Marcos Kassak
Kilo Sage

Hi @Praful_1968,

 

I have navigated through some forums and here is a piece of code that you may want to use and improve:

 

var AvePointTokenGenerator = Class.create();
AvePointTokenGenerator.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    generateAccessToken: function() {
        var identityServiceUrl = "https://identity.avepointonlineservices.com";
        var clientId = "{Client ID}";
        var certificateThumbprint = "{Certificate Thumbprint}";

        var tokenEndpoint = this.getDiscoveryDocument(identityServiceUrl);

        if (tokenEndpoint.isError()) {
            return tokenEndpoint; // Return error response
        }

        var tokenResponse = this.requestClientCredentialsToken(tokenEndpoint, clientId, certificateThumbprint);

        if (tokenResponse.isError()) {
            return tokenResponse; // Return error response
        }

        return tokenResponse.getJson(); // Return token JSON
    },

    getDiscoveryDocument: function(identityServiceUrl) {
        // Perform HTTP request to fetch discovery document
        // Use GlideHTTPRequest or GlideHTTPClient to perform the request
        // Process and return discovery document response
    },

    requestClientCredentialsToken: function(tokenEndpoint, clientId, certificateThumbprint) {
        // Create JWT token with specified claims, use GlideSecureRandom to generate jti
        // Sign token with private key using RS256 algorithm
        // Use GlideHTTPClient or GlideHTTPRequest to request token
        // Return token response
    },

    type: 'AvePointTokenGenerator'
});

// Example usage:
var tokenGenerator = new AvePointTokenGenerator();
var accessToken = tokenGenerator.generateAccessToken();
gs.info("Access Token: " + accessToken); // Log the access token (for testing)

 

Make sure to create it as a Script Include and let me know.

 

If you found my answer helpful or correct in any way, please don't forget to mark it to help future readers! 👍

 

--

 

Kind regards,


Marcos Kassak
Solution Consultant  🎯
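
The client assertion that the .NET code in the question builds, shown as an added example that is not part of the original thread and is not AvePoint or ServiceNow code. It is written for Node.js (an assumption; the `crypto` module used here is not a ServiceNow Glide API), the 300-second lifetime is an assumed default, and the key pair, client id and endpoint URL are constructed demo values.

```javascript
// Added example for Node.js (assumption); not AvePoint or ServiceNow code.
const nodeCrypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64 = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Build the RS256 client assertion: iss and sub are the client_id, aud is the token endpoint.
function createClientAuthJwt({ clientId, tokenEndpoint, privateKey, lifetimeSec = 300, nowMs = Date.now() }) {
  const iat = Math.floor(nowMs / 1000);
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = {
    iss: clientId, sub: clientId, aud: tokenEndpoint,
    jti: nodeCrypto.randomUUID(), // unique id so the server can reject a replayed assertion
    iat,
    exp: iat + lifetimeSec,       // keep short: the assertion is needed for one token call only
  };
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  const signature = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return signingInput + '.' + b64url(signature);
}

// Form body for the token endpoint: client_credentials grant with a JWT client assertion.
function buildTokenRequestBody(assertion, scope) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
    scope,
  }).toString();
}

// Receiving-side checks: pinned algorithm, signature, then audience, subject and expiry.
function verifyClientAuthJwt(jwt, publicKey, expectedAud, nowMs = Date.now()) {
  const [h, p, s] = jwt.split('.');
  if (!h || !p || !s) throw new Error('malformed token');
  if (fromB64(h).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(h + '.' + p), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = fromB64(p);
  if (claims.aud !== expectedAud || claims.iss !== claims.sub) throw new Error('bad claims');
  if (claims.exp <= Math.floor(nowMs / 1000)) throw new Error('expired');
  return claims;
}

// Constructed demo values: throwaway key pair, placeholder client id and endpoint.
const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoEndpoint = 'https://identity.example.test/connect/token';
const demoJwt = createClientAuthJwt({ clientId: 'demo-client', tokenEndpoint: demoEndpoint, privateKey: demoKeys.privateKey });
console.log(verifyClientAuthJwt(demoJwt, demoKeys.publicKey, demoEndpoint));
```

The output of `buildTokenRequestBody` is sent as `application/x-www-form-urlencoded` to the token endpoint taken from the discovery document; the private key stays in a key store and is never placed in the script itself.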