Error AADSTS900144: Missing 'requested_token_use' during ServiceNow to Azure Certificate-Based OAuth
yesterday - last edited yesterday
Hi everyone,
I am currently working on migrating our existing authentication method between Azure AD (Entra ID) and ServiceNow from a Client Secret to Certificate-Based Authentication (JWT Bearer Token).
I have followed the standard guides and completed the configuration on the ServiceNow side:
- Uploaded the X.509 Certificate
- Created the JWT Key
- Configured the JWT Provider
- Set up the Application Registry (OAuth Entity)
- Created a REST Message pointing to this OAuth profile for testing
However, when I click the "Get OAuth Token" link on the REST Message, the token retrieval fails with the following error from Azure:
OAuth flow failed. Verify the configurations and try again. Error detail: invalid_request, AADSTS900144: The request body must contain the following parameter: 'requested_token_use'.
Trace ID: 5e0d18d2-61a1-439a-8b55-34a59f584d00 Correlation ID: c578214a-47cf-4d40-81af-8e293fbd7b7c
My Question:
It appears Azure is expecting the requested_token_use parameter in the token request body.
How or where can I inject this specific parameter into the request body within the native ServiceNow OAuth/JWT configuration?
Is there an Out-Of-The-Box (OOTB) way to append this parameter via OAuth Entity Request Parameters, or do I need to script a custom OAuth flow using an OAuthCustomInboundRequestParameters / OAuthCustomQueryParameters script include?
Any guidance, script snippets, or pointers on how to resolve this specific Azure AD requirement within ServiceNow would be highly appreciated!
Thanks in advance.
yesterday
Hey @KrishnaMohan,
Thanks for sharing the details.
To better understand what's happening, could you provide a few additional details?
- Which OAuth grant type is configured in your ServiceNow Application Registry?
- Are you using the Azure AD token endpoint /oauth2/token (v1) or /oauth2/v2.0/token (v2)?
- Can you capture the outbound token request from ServiceNow (OAuth debug logs, REST Message logs, or a network trace) and share the parameters being sent in the request body?
The error suggests Azure is expecting a parameter that is typically associated with a different OAuth flow, so confirming the grant type and the exact token request being generated will help determine whether this is a configuration issue or if additional parameters need to be added to the request.
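An added example, not part of either post and not ServiceNow or Microsoft code: a checker for a captured form-encoded token request body, of the kind the reply asks for, that reports which Microsoft identity platform flow the `grant_type` selects and which body parameters that flow still needs. The parameter names are the ones Microsoft documents for the client-credentials-with-certificate and on-behalf-of requests; the function name, the placeholder client ID, the `api://example` scope and both sample bodies are constructed for illustration.

```python
from urllib.parse import parse_qs

JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
JWT_CLIENT_ASSERTION = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

# grant_type -> (flow name, body parameters that flow requires)
FLOWS = {
    "client_credentials": ("client credentials", ["client_id"]),
    JWT_BEARER_GRANT: ("on-behalf-of",
                       ["client_id", "assertion", "requested_token_use"]),
}

def diagnose_token_request(body):
    """Classify a captured token request body and list missing parameters.

    Only parameter names are returned, never values, so the result can be
    shared without exposing the signed JWT or a client secret.
    """
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    flow, required = FLOWS.get(params.get("grant_type", ""),
                               ("unrecognised grant_type", []))
    missing = [p for p in required if not params.get(p)]
    # The v2 endpoint takes 'scope'; the v1 endpoint takes 'resource'.
    if not (params.get("scope") or params.get("resource")):
        missing.append("scope|resource")
    # Client authentication: certificate (signed client_assertion) or secret.
    has_cert = (params.get("client_assertion_type") == JWT_CLIENT_ASSERTION
                and bool(params.get("client_assertion")))
    has_secret = bool(params.get("client_secret"))
    if not (has_cert or has_secret):
        missing.append("client_secret|client_assertion")
    client_auth = "certificate" if has_cert else "secret" if has_secret else "none"
    return {"flow": flow, "client_auth": client_auth,
            "missing": missing, "sent": sorted(params)}

# Constructed sample: JWT sent as 'assertion' with the jwt-bearer grant type.
SAMPLE_JWT_BEARER = (
    "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer"
    "&client_id=00000000-0000-0000-0000-000000000000"
    "&assertion=CONSTRUCTED.JWT.VALUE&scope=api%3A%2F%2Fexample%2F.default")

# Constructed sample: JWT sent as 'client_assertion' with client_credentials.
SAMPLE_CLIENT_CREDENTIALS = (
    "grant_type=client_credentials"
    "&client_id=00000000-0000-0000-0000-000000000000"
    "&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A"
    "client-assertion-type%3Ajwt-bearer"
    "&client_assertion=CONSTRUCTED.JWT.VALUE&scope=api%3A%2F%2Fexample%2F.default")

if __name__ == "__main__":
    for body in (SAMPLE_JWT_BEARER, SAMPLE_CLIENT_CREDENTIALS):
        print(diagnose_token_request(body))
```

The first sample is classified as on-behalf-of with `requested_token_use` among the missing parameters; the second is classified as client credentials with certificate authentication and nothing missing.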