Simulate login with just a generated token?

hoathong99

I just applied as an intern for the job, and I was asked to make a QR login so a user can log in just by scanning the code. There is no username or password to input.
- I made a table and a page for an admin to choose a user and generate a single-use token with an expiry date for it, and a page to handle validating the token.
- The script can already validate the token and get the user, but I don't know how to simulate logging in. I tried both gs.getSession().loadUserByID and gs.getSession().impersonate, but they seem to mimic the user to do tasks in the script rather than setting the current session to that of the target user.
Please suggest ideas or a way to do it.


Community Alums

Hi @hoathong99,

  • gs.getSession().impersonate() lets your script act like the user, but it does not change the actual web session of the browser.

  • So the browser session still belongs to the original user or anonymous session.


How to do a real login with a token in ServiceNow:

  1. Use the ServiceNow REST API or Authentication API:

    • Normally, ServiceNow uses username/password or SSO to log users in.

    • But you can create a custom authentication handler that checks your token.

    • When user scans QR, the token is sent to your custom login URL.

    • If token is valid, you programmatically create a session for that user.

  2. Use GlideSession APIs for creating sessions on server side:

    • Server scripts can create sessions, but it’s tricky because ServiceNow controls session cookies in the browser.

    • You cannot simply assign current user in script and expect the browser session to switch.

  3. Recommended approach - Redirect with a token parameter and handle login in a UI Script:

    • After token validation, redirect the user to a URL like /login_redirect.do?sysparm_token=xxxx

    • Create a UI Script or Script Include that processes this token, validates it, and then logs the user in by setting gs.getSession().setCurrentUser()

    • But again, this may not fully work for the web session unless you use an authentication mechanism.

  4. Best practice: Use an OAuth or SSO-style flow with your token as a one-time code:

    • ServiceNow supports OAuth and SAML.

    • You can create an OAuth token based on your single-use token.

    • Then, redirect the user to log in with that OAuth token.

  5. Simple workaround using Impersonation and Redirect:

    • Use impersonation server-side, then redirect the user to the homepage.

    • The user will see the impersonated session.

    • But the user might have to confirm, or it’s visible in the UI.