How to auto regenerate access token

C_S3
Tera Contributor

Hello All,
We have configured Microsoft Azure Entra and SNOW instance to fetch groups from Azure to our instance. We have built the connection successfully by using REST Message and scheduled job.
We are facing one issue here: we need to auto regenerate access token of the REST message.
Any help would be appreciated.

Thank you!


Lukasz Bojara
Kilo Sage

Hey there!

If you're using OAuth, you can make use of the refresh token. Once you've used the user and password combo for the first time, you'll receive an access token and a refresh token. Then, you can use the refresh token to get a new access token.

Hello @Lukasz Bojara,
I'm a newbie in integration. Could you please explain the steps to achieve this?

gaurrohi
Tera Expert

Hi @C_S3,

I assume you've already configured everything in the application registry for OAuth 2.0 and are using the grant_type password to get the refresh token and access token.

Here’s a suggestion: create two system properties to store the username and password. Use the "password2" type for the password property, or you can use the credentials store for both.

Once you've set up the system properties, create a Script Include and call it periodically from a scheduled job to retrieve the token from the provider.

You have two options:

  1. Retrieve and store the refresh token, then use it to get the access token.
  2. Retrieve both the access and refresh tokens every time the scheduled job runs.

Here we are proceeding with the 2nd option.

Create System Properties: I've created two system properties:

  • rg.azure.entra.username – to store the username
  • rg.azure.entra.password – to store the password

Create a Script Include:

var EntraTokenFetch = Class.create();

EntraTokenFetch.prototype = {

    initialize: function() {},

    // Requests a new access/refresh token pair with the password grant.
    tokenFetch: function() {
        try {
            gs.log("Starting tokenFetch...");

            // Get the system properties
            var usernameEntra = gs.getProperty('rg.azure.entra.username'); // username stored in sys_properties
            var passwordEntra = gs.getProperty('rg.azure.entra.password'); // password stored in sys_properties
            if (!usernameEntra || !passwordEntra) {
                gs.log("Username or password is not set in the system properties.");
                return;
            }
            gs.log("Username and password retrieved.");

            var requestor_context = 'test';
            var requestor_id = usernameEntra;
            var oauth_profile_id = '93d6a1f9498544fcb2f76f289c4e7714'; // profile ID [sys_id of 'OAuth Entity Profiles' (oauth_entity_profile) record in OAUTH registry record]

            var params = {
                grant_type: "password",
                username: usernameEntra,
                password: passwordEntra,
                oauth_requestor_context: requestor_context,
                oauth_requestor: requestor_id,
                oauth_provider_profile: oauth_profile_id
            };
            gs.log("OAuth parameters set.");

            // Serialize the parameters for requestToken()
            var json = new global.JSON();
            var text = json.encode(params);

            var oAuthClient = new sn_auth.GlideOAuthClient();
            gs.log("OAuth client initialized.");

            var tokenResponse = oAuthClient.requestToken('7f96b51a47f902500465afb8036d43bd', text); // sys_id of the OAuth application registry record (oauth_entity)
            if (!tokenResponse) {
                gs.log("Failed to get token response.");
                return;
            }
            gs.log("Token response received.");

            var token = tokenResponse.getToken();
            if (!token) {
                gs.log("Failed to get token from response.");
                return;
            }

            var access_token = token.getAccessToken();
            var refresh_token = token.getRefreshToken();

            // Log only whether the tokens arrived and the lifetime: the token values
            // are bearer credentials and should not be written to the system log.
            gs.log("AccessToken received: " + !!access_token);
            gs.log("AccessTokenExpiresIn: " + token.getExpiresIn());
            gs.log("RefreshToken received: " + !!refresh_token);

        } catch (e) {
            gs.log("Error in tokenFetch: " + e.message);
        }
    },

    type: 'EntraTokenFetch'
};

Create a Scheduled Job:

Schedule it as needed and use the following code to call your script:

var entraAzureToken = new EntraTokenFetch();
entraAzureToken.tokenFetch();

Please mark the response as the correct answer and helpful. This may help other community users to follow the correct solution.

Regards,
Rohit Singh
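
Option 1 from the answer above (store the refresh token and use it to get new access tokens), as an added example that is not part of the original post and not ServiceNow's API. `createTokenManager` and the injected `requestToken(params)` are hypothetical names; on the instance `requestToken` would wrap the `oAuthClient.requestToken(...)` call shown above, and the response field names follow the standard OAuth 2.0 token response.

```javascript
// Added example: option 1 (reuse the refresh token). requestToken(params) is a hypothetical
// injected function returning { access_token, refresh_token, expires_in } or throwing.
function createTokenManager(requestToken, credentials, now, skewSeconds) {
    var cache = null; // { accessToken, refreshToken, expiresAt (ms) }
    now = now || Date.now;
    skewSeconds = skewSeconds || 60; // renew this long before the real expiry

    function store(resp) {
        if (!resp || !resp.access_token) throw new Error('token response has no access_token');
        cache = {
            accessToken: resp.access_token,
            // A refresh response may omit the refresh token: keep the previous one.
            refreshToken: resp.refresh_token || (cache && cache.refreshToken) || null,
            expiresAt: now() + resp.expires_in * 1000
        };
        return cache.accessToken;
    }

    return {
        getAccessToken: function () {
            if (cache && now() < cache.expiresAt - skewSeconds * 1000) {
                return cache.accessToken; // still valid, no network call
            }
            if (cache && cache.refreshToken) {
                try {
                    return store(requestToken({
                        grant_type: 'refresh_token',
                        refresh_token: cache.refreshToken
                    }));
                } catch (e) {
                    cache = null; // refresh token rejected: fall back to credentials
                }
            }
            return store(requestToken({
                grant_type: 'password',
                username: credentials.username,
                password: credentials.password
            }));
        },
        // Safe to log: reports token state without the token values.
        describe: function () {
            return {
                hasAccessToken: !!cache,
                hasRefreshToken: !!(cache && cache.refreshToken),
                expiresAt: cache ? cache.expiresAt : null
            };
        }
    };
}
```

With this shape the stored username and password are sent only on the first call and when the refresh token is rejected; every other renewal uses the refresh token.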
