The benefits of OAuth

Patricia9
Tera Contributor
I am currently implementing an integration with an external team to use the API of ServiceNow in order to create tickets.

 

As far as I know there are 2 ways of connecting to the instance:
- Basic authentication = user and password
- OAuth = Access token

 

I was investigating OAuth because I heard that it was more secure, but this is not clear to me:
    1. When a user needs to retrieve the access token they need to use the credentials. So I don't understand what will stop the users from using the credentials directly instead of the Access Token.

    2. The way of using OAuth for these cases is using the Password grant type. However, I read in the documentation that it is "insecure, and are no longer recommended for use." See: 



Therefore, I have 2 questions:

  • I would like to know how you give access to your users to use the ServiceNow API. And also
  • Why OAuth is more secure than Basic Authentication as, in the end, you need to use the credentials to retrieve the Access Token. After my investigation, I don’t see any benefit of using this instead of the Basic Authentication. Is there something I am missing?

 

Thank you for your help!
2 REPLIES

Maik Skoddow
Tera Patron

Anand Kumar P
Giga Patron

Hi @Patricia9,

OAuth is utilized to enable users to access resources on a platform through external clients without sharing login credentials for each request. It enhances security, allowing third-party applications to interact with user data via tokens, reducing the need for constant authentication. OAuth facilitates scenarios like third-party data access (Inbound) and pulling data from external providers (Outbound) while maintaining user privacy and control over access permissions. It’s a secure, standardized framework supporting various grant types for access token acquisition, contributing to a more seamless and secure user experience.

1. You grant access to the ServiceNow API using OAuth, where users get an access token securely. They use this token for API requests instead of sharing their credentials each time, reducing the risk of exposing sensitive information.
2. OAuth is more secure than Basic Authentication because, even though credentials are used to get an access token, the token has limited use and duration. It’s like having a temporary key that minimizes the chance of exposing sensitive data, compared to Basic Authentication, where credentials are sent with every request. OAuth adds a layer of security and is recommended for its standardized, safer approach to API access.

 

Mark it as helpful and solution proposed if it serves your purpose.
Thanks,
Anand
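
The difference described in the reply above, as an added example that is not part of the original thread: it counts how many requests carry the password when five tickets are created with Basic authentication versus the OAuth password grant followed by bearer and refresh tokens. `/oauth_token.do` and `/api/now/table/incident` are ServiceNow's token and Table API paths; `FakeInstance`, `OAuthSession`, `password_exposures` and all credentials are constructed for the illustration, and the fake transport stands in for HTTPS calls to a real instance.

```python
import base64, json, time
from urllib.parse import urlencode

FORM = {"Content-Type": "application/x-www-form-urlencoded"}

class FakeInstance:
    """Constructed stand-in for an instance: records requests, returns canned replies."""
    def __init__(self):
        self.log = []
    def send(self, path, headers, body):
        self.log.append((path, headers, body))
        if path == "/oauth_token.do":
            return {"access_token": f"at-{len(self.log)}", "refresh_token": "rt-1",
                    "expires_in": 1800}
        return {"result": {"number": f"INC{len(self.log):07d}"}}

def basic_create(send, user, password, desc):
    """Basic authentication: the password rides along on every API call."""
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    return send("/api/now/table/incident", {"Authorization": f"Basic {cred}"},
                json.dumps({"short_description": desc}))

class OAuthSession:
    """Password grant once, then bearer tokens renewed with the refresh token."""
    def __init__(self, send, client_id, client_secret, clock=time.time):
        self.send, self.clock = send, clock
        self.app = {"client_id": client_id, "client_secret": client_secret}
        self.access = self.refresh = None
        self.expires = 0.0
    def _grant(self, **form):
        reply = self.send("/oauth_token.do", FORM, urlencode({**self.app, **form}))
        self.access = reply["access_token"]
        self.refresh = reply.get("refresh_token", self.refresh)
        self.expires = self.clock() + reply["expires_in"]
    def login(self, user, password):
        # The password is used for this single request and never stored.
        self._grant(grant_type="password", username=user, password=password)
    def create(self, desc):
        if self.clock() >= self.expires - 30:  # renew shortly before expiry
            self._grant(grant_type="refresh_token", refresh_token=self.refresh)
        return self.send("/api/now/table/incident",
                         {"Authorization": f"Bearer {self.access}"},
                         json.dumps({"short_description": desc}))

def password_exposures(log, password):
    """Count recorded requests that carried the password in a header or the body."""
    def carries(headers, body):
        auth = headers.get("Authorization", "")
        if auth.startswith("Basic "):
            auth = base64.b64decode(auth[6:]).decode()
        return password in auth or password in body
    return sum(carries(h, b) for _, h, b in log)
```
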