Third party integration - Outbound OAuth 2.0 HTTP Error 401

Arun Chauhan
Giga Contributor

‎10-23-2018 07:21 AM

We are working on a ServiceNow integration with a third-party system where we have to fulfil the ServiceNow ticket based on how an access request progresses in the third-party system. For this we are doing investigation on the Authorization code OAuth flow where our third-party system is a OAuth provider for ServiceNow.

To achieve this we have created a OAuth Client Profile in ServiceNow. When we are clicking on “Get OAuth Token” on Outbound REST message, a popup appears where we provide the correct user authentication parameters and submits it. On submit we get below error:

HTTP Error 401 - Unauthorized

We tried debugging the issue through ‘OAuthUtil’ script. We added log statements in the “postProcessAccessToken” which printed below response:

"status":"401", "error": "unauthorized", "message": "Full authentication is required to access this resource"

We suspect this is happening because ServiceNow is not sending below basic authorization header information in the token request.

Header: 'Authorization: Basic Base64(clientId:clientSecret)

The same thing is working using the POSTMAN client configured for third-party OAuth provider.

Could anyone please confirm if ServiceNow sends the client authentication information(client id and secret) in the token request header for third party OAuth provider. 

Preview file
74 KB
  • 2,370 Views
3 REPLIES 3

SatheeshKumar
Kilo Sage

‎10-28-2018 11:01 PM

HI,

 

check the below links, im not sure it will resolve your issue but you may find some thing that helps to debugg your issue!!

https://community.servicenow.com/community?id=community_blog&sys_id=a1fce2a5dbd0dbc01dcaf3231f961939...

 

https://developer.servicenow.com/app.do#!/lp/servicenow_application_developer/app_store_learnv2_rest...

 

Thanks,

Satheesh

0 Helpfuls

RatneshTSN
Giga Guru

‎10-28-2018 11:54 PM

Just to confirm you have created OAUTH provider not OAUTH client as you mentioned above 

Your OAUTH profile type should be OAuth Provider

By this error seems you need to pass scope also [ OAuthEntityProfile, OAuthScopes ], or check the third party integration document

"status":"401", "error": "unauthorized", "message": "Full authentication is required to access this resource"

 

Sample link for OAuth Provider & scope setup

https://docs.servicenow.com/bundle/kingston-application-development/page/integrate/outbound-rest/tas...

0 Helpfuls

Arun Chauhan
Giga Contributor

‎10-30-2018 03:43 AM

Update:

 

I got below reply from ServiceNow support - 

 

The description you made looks to me like PRB710888.

You can find if public here:

https://hi.service-now.com/kb_view.do?sysparm_article=KB0694538

The OAuth consumer's Client Credentials flow needs to be enhanced to support client_id, client_secret auth in (

1) Authorization header

(2) HTTP request body

However, ServiceNow only support (2), we need to add (1) support so we raised the enhancement request for this.

 

There is no workaround.

0 Helpfuls