ServiceNow OAuth endpoints URLs NOT requiring 'Instance ID'?

jeff00seattle
Kilo Guru

‎09-12-2023 04:33 AM - edited ‎09-14-2023 07:50 AM

Does ServiceNow provide another OAuth approach that does not require [[Instance ID]] within its OAuth endpoint URLs?

 

I am having difficulty integrating ServiceNow's OAuth into my service because of its requirement to include [[Instance ID]] within OAuth endpoint URLs. 

 

Because of this complication, I cannot deploy a ServiceNow integration solution that would be accessible by multiple ServiceNow clients without knowing their [[Instance ID]] to perform OAuth beforehand.

ServiceNow vs. SalesForce OAuth

ServiceNow and SalesForce provide OAuth access to only a single instance identified by their [[Instance ID]].

However, what differentiates ServiceNow from SalesForce is its handling of OAuth with [[Instance ID]].

 

Having static (without variables) OAuth endpoint URLs is essential for consistent ease of authentication access by another service.

  • ServiceNow OAuth is cumbersome: endpoint URLs are not static b/c requirements to include [[Instance ID]].
  • Salesforce OAuth is consistent with other OAuth services' handling: endpoint URLs are static and do not require [[Instance ID]].

OAuth Flow Comparison:

ServiceNow

  • OAuth 2.0 endpoint URLs are variable and require ServiceNow [[Instance ID]], which is extremely inconvenient for any versatile integration effort.
  • OAuth response's access profile: access_token, refresh_token, scope

 

https://**[[Instance ID]]**.service-now.com/oauth_auth.do
https://**[[Instance ID]]**.service-now.com/oauth_token.do

 

Salesforce

  • OAuth 2.0 endpoint URLs are static and does not require Salesforce [[Instance ID]].
  • OAuth response's access profile: access_token, refresh_token, scope, instance_url (https://[[Instance ID]].salesforce.com/)

 

https://login.salesforce.com/services/oauth2/authorize
https://login.salesforce.com/services/oauth2/token	
https://login.salesforce.com/services/oauth2/userinfo

 

 

References:

ServiceNow: OAuth authorization code grant flow

SalesForce: OAuth Endpoints 

SalesForce: OAuth 2.0 Web Server Flow for Web App Integration 

Stack Overflow: Why complicate endpoint URLs requiring 'Instance ID'?

 

0 Helpfuls
  • 424 Views
0 REPLIES 0