How to auto regenerate access token
07-04-2024 04:06 AM
Hello All,
We have configured Microsoft Azure Entra and SNOW instance to fetch groups from Azure to our instance. We have built the connection successfully by using REST Message and scheduled job.
We are facing one issue here: we need to auto regenerate the access token of the REST message.
Any help would be appreciated.
Thank you!

07-04-2024 05:13 AM
Hey there!
If you're using OAuth, you can make use of the refresh token. Once you've used the user and password combo for the first time, you'll receive an access token and a refresh token. Then, you can use the refresh token to get a new access token.
07-04-2024 05:54 AM
Hello @Lukasz Bojara,
I'm a newbie in integration. Could you please explain the steps to achieve this?
07-23-2024 12:42 PM - edited 07-23-2024 01:45 PM
Hi @C_S3,
I assume you've already configured everything in the application registry for OAuth 2.0 and are using the grant_type password to get the refresh token and access token.
Here’s a suggestion: create two system properties to store the username and password. Use the "password2" type for the password property, or you can use the credentials store for both.
Once you've set up the system properties, create a Script Include and call it periodically from a scheduled job to retrieve the token from the provider.
You have two options:
- Retrieve and store the refresh token, then use it to get the access token.
- Retrieve both the access and refresh tokens every time the scheduled job runs.
Here we are proceeding with the second option.
Create System Properties: I've created two system properties:
- rg.azure.entra.username – to store the username
- rg.azure.entra.password – to store the password
Create a Script Include:
    var EntraTokenFetch = Class.create();
    EntraTokenFetch.prototype = {
        initialize: function() {},

        // Requests a new access/refresh token pair with the password grant
        tokenFetch: function() {
            try {
                gs.log("Starting tokenFetch...");
                // Get the system properties
                var usernameEntra = gs.getProperty('rg.azure.entra.username'); // username stored in sys_properties
                var passwordEntra = gs.getProperty('rg.azure.entra.password'); // password stored in sys_properties
                if (!usernameEntra || !passwordEntra) {
                    gs.log("Username or password is not set in the system properties.");
                    return;
                }
                gs.log("Username and password retrieved.");
                var requestor_context = 'test';
                var requestor_id = usernameEntra;
                var oauth_profile_id = '93d6a1f9498544fcb2f76f289c4e7714'; // profile ID [sys_id of 'OAuth Entity Profiles' (oauth_entity_profile) record in OAUTH registry record]
                var params = {
                    grant_type: "password",
                    username: usernameEntra,
                    password: passwordEntra,
                    oauth_requestor_context: requestor_context,
                    oauth_requestor: requestor_id,
                    oauth_provider_profile: oauth_profile_id
                };
                gs.log("OAuth parameters set.");
                // Serialize the parameters for the token request
                var json = new global.JSON();
                var text = json.encode(params);
                var oAuthClient = new sn_auth.GlideOAuthClient();
                gs.log("OAuth client initialized.");
                var tokenResponse = oAuthClient.requestToken('7f96b51a47f902500465afb8036d43bd', text); // sys_id of the OAuth application registry record (oauth_entity)
                if (!tokenResponse) {
                    gs.log("Failed to get token response.");
                    return;
                }
                gs.log("Token response received.");
                var token = tokenResponse.getToken();
                if (!token) {
                    gs.log("Failed to get token from response.");
                    return;
                }
                var access_token = token.getAccessToken();
                var refresh_token = token.getRefreshToken();
                // Log only non-sensitive details: token values are credentials and
                // must not be written to the system log
                gs.log("AccessToken received: " + (access_token ? "yes" : "no"));
                gs.log("AccessTokenExpiresIn: " + token.getExpiresIn());
                gs.log("RefreshToken received: " + (refresh_token ? "yes" : "no"));
            } catch (e) {
                gs.log("Error in tokenFetch: " + e.message);
            }
        },

        type: 'EntraTokenFetch'
    };
Create a Scheduled Job:
Schedule it as needed and use the following code to call your script:
var entraAzureToken = new EntraTokenFetch();
entraAzureToken.tokenFetch();
Please mark the response as the correct answer and helpful. This may help other community users to follow the proper solution.
Regards,
Rohit Singh
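The first option from the answer above (store the refresh token and use it to get new access tokens), as an added example that is not part of the original post. It is plain JavaScript so it runs outside ServiceNow; `createTokenManager`, `requestToken` and the fake provider in `demo` are hypothetical names, with `requestToken` standing in for the call to the OAuth provider, and all token values are constructed.

```javascript
// Added example, not from the thread. `requestToken(params)` is a hypothetical provider
// call returning { accessToken, refreshToken, expiresIn (seconds) } or null if rejected.
function createTokenManager(requestToken, passwordGrant, now, skewSec) {
    var cache = null; // { accessToken, refreshToken, expiresAt }; never logged
    function store(tok) {
        cache = {
            accessToken: tok.accessToken,
            // Keep the previous refresh token if the provider did not send a new one.
            refreshToken: tok.refreshToken || (cache && cache.refreshToken),
            expiresAt: now() + tok.expiresIn * 1000
        };
        return cache.accessToken;
    }
    return {
        getAccessToken: function () {
            // 1. Reuse the cached token until shortly before it expires.
            if (cache && now() < cache.expiresAt - skewSec * 1000) return cache.accessToken;
            // 2. Expired or about to expire: try the refresh token first.
            if (cache && cache.refreshToken) {
                var refreshed = requestToken({ grant_type: 'refresh_token', refresh_token: cache.refreshToken });
                if (refreshed) return store(refreshed);
                cache = null; // refresh token expired or revoked
            }
            // 3. No usable refresh token: fall back to the full password grant.
            var fresh = requestToken(passwordGrant);
            if (!fresh) throw new Error('token request failed');
            return store(fresh);
        }
    };
}

// Constructed fake provider and clock (milliseconds) to exercise the three paths.
function demo() {
    var clock = 0, calls = [], n = 0, revoked = false;
    function fakeProvider(p) {
        calls.push(p.grant_type);
        if (p.grant_type === 'refresh_token' && revoked) return null;
        n++;
        return { accessToken: 'at-' + n, refreshToken: 'rt-' + n, expiresIn: 3600 };
    }
    var grant = { grant_type: 'password', username: 'svc-user', password: 'placeholder' };
    var mgr = createTokenManager(fakeProvider, grant, function () { return clock; }, 60);
    var tokens = [mgr.getAccessToken()];                 // first call: password grant
    clock = 1000000; tokens.push(mgr.getAccessToken());  // still valid: cached token
    clock = 3550000; tokens.push(mgr.getAccessToken());  // inside the 60 s margin: refresh
    revoked = true;
    clock = 7150000; tokens.push(mgr.getAccessToken());  // refresh rejected: password grant
    return { tokens: tokens, calls: calls };
}
```

Because each scheduled job run starts fresh, a real implementation would keep the cached tokens in persistent, access-controlled storage rather than in a variable.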