Issue || OAuth - JWT Bearer (Grant Type)

Kingstan M
Kilo Sage

Hello - SN.

 

I followed this doc: OAuth 2.0 credentials for GitHub Apps - JWT (servicenow.com)

Got the details from the GitHub end.

 

But when I try to refresh the token I get this error:

OAuth flow failed. Verify the configurations and try again. Error detail:invalid_request, Missing parameters: access_token
 
I tried adding logging to the OAuthUtil script:
 
 

 

//* Don't edit this script include. Best practice: Extend this script include and override the functions.
var OAuthUtil = Class.create();
OAuthUtil.prototype = {
    initialize: function(oauthContext) {
        this.oauthContext = oauthContext;
    },

    interceptRequestParameters: function(requestParamMap) {
        // Add/Modify request parameters if needed
        this.preprocessAccessToken(requestParamMap);
    },

    parseTokenResponse: function(accessTokenResponse) {
        this.postprocessAccessToken(accessTokenResponse);
    },

    preprocessAuthCode: function(requestParamMap) {},

    preprocessAccessToken: function(requestParamMap) {},

    postprocessAccessToken: function(accessTokenResponse) {
        // Debug logging of the token endpoint response; on success the body contains the token itself
        gs.log("kratos_wee accessTokenResponse.getContentType()===>" + accessTokenResponse.getContentType());
        gs.log("kratos_wee accessTokenResponse.getBody()====>" + accessTokenResponse.getBody());
        var contentType = accessTokenResponse.getContentType();
        if (contentType && contentType.indexOf('application/json') != -1) {
            var tokenResponse = (new global.JSON()).decode(accessTokenResponse.getBody());
            var paramMap = accessTokenResponse.getparameters();
            for (var param in tokenResponse)
                paramMap.put(param, tokenResponse[param].toString());
        }
    },

    type: 'OAuthUtil'
};

 

I see the log for accessTokenResponse below:

kratos_wee accessTokenResponse.getBody()====>{"message":"A JSON web token could not be decoded","documentation_url":"https://docs.github.com/rest"

kratos_wee accessTokenResponse.getContentType()===>application/json; charset=utf-8

 

Any advice?

 

Note: As per the OAuth 2.0 credentials for GitHub Apps - JWT (servicenow.com) doc, I don't see the OAuth API script OAuthDevOpsGitHubJWTHandler in the instance.

 

Many thanks.

 
11 REPLIES

JG16
Tera Contributor

Hi,

 

Is this issue resolved? If so, how did you resolve it? I am getting the same error. When I check the outbound HTTP logs I find this error: "A JSON web token could not be decoded"

 

Please let me know.

 

Thanks In Advance,

JG

POOJA JAGADEES1
Tera Contributor

We faced this issue and found that the API script we were using in the application registry was not correct. When we used the script below, it worked fine. Although the question thread is old, we are answering because it might help others who face similar issues.

var OAuthGitHubJWTHandler = Class.create();

OAuthGitHubJWTHandler.prototype = Object.extendsObject(global.OAuthUtil, {
    initialize: function(oauthContext) {
        this.oauthContext = oauthContext;
        this.jwtProviderSysId = oauthContext.getOAuthProfile().getValue('jwt_provider');
    },

    preprocessAccessToken: function(requestParamMap) {
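        // Drop the standard OAuth form parameters; the signed JWT is sent in the Authorization header instead
        this.oauthContext.removeQueryParameter("grant_type");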
        this.oauthContext.removeQueryParameter("assertion");
        this.oauthContext.removeQueryParameter("client_secret");
        this.oauthContext.removeQueryParameter("client_id");
        this.oauthContext.addHeader("Accept", "application/vnd.github.v3+json");
        this.oauthContext.addHeader("Content-Type", "application/json");
        this.oauthContext.addHeader("Authorization", this.jwt());
    },

    interceptRequestParameters: function(requestParamMap) {
        this.preprocessAccessToken(requestParamMap);
    },

    parseTokenResponse: function(accessTokenResponse) {
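        // The response body carries "token" and "expires_at"; map them to the access_token / expires_in parameters
        var tokenBody = JSON.parse(accessTokenResponse.getBody());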
        var paramMap = accessTokenResponse.getparameters();
        paramMap.put("access_token", tokenBody.token);

        var expires_at = DevOpsDateUtils.isoDateTimeToGlideDateTime(tokenBody.expires_at);
        var currentTime = new GlideDateTime();

        var expires_in = Math.floor(GlideDateTime.subtract(currentTime, expires_at).getNumericValue()/1000);
        paramMap.put("expires_in", expires_in);
    },

    _jwtPayload: function() {
        var gr = new GlideRecord('jwt_claim_validation');
        gr.addQuery('jwt_provider', this.jwtProviderSysId);
        gr.addQuery('name', 'iss');
        gr.query();

        if (!gr.next()) {
            return;
        }

        return {
            exp: (parseInt(new Date().getTime() / 1000) + 6000),
            iss: gr.getValue('claim_value') //GitHub App Id
        };
    },

    _jwtHeader: function() {
        return {
            typ: "JWT", // the JWT header parameter name is "typ" (RFC 7519)
            alg: "RS256"
        };
    },

    jwt: function() {
        return "Bearer " + this._getJWT();
    },

    _getJWT: function() {
        var jwtAPI = new sn_auth.GlideJWTAPI();
        var headerJSON = this._jwtHeader();
        var payloadJSON = this._jwtPayload();
        var header = JSON.stringify(headerJSON);
        var payload = JSON.stringify(payloadJSON);
        var jwt = jwtAPI.generateJWT(this.jwtProviderSysId, header, payload);
        return jwt;
    },

    type: 'OAuthGitHubJWTHandler'
});
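
The JWT that a handler like the one above puts in the Authorization header has to meet GitHub's documented rules for App JWTs: an RS256 signature made with the App's private key, an `iss` claim, and an `exp` no more than 10 minutes ahead. The Node.js check below is an added example, not code from this thread or from ServiceNow; it runs outside the instance and lists which of those rules a captured header breaks (`iat` is checked only when present). `signJwt`, `diagnoseAppJwt`, the throwaway key pairs and the App ID `123456` are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign header.payload with RS256 (RSASSA-PKCS1-v1_5 + SHA-256), as a GitHub App client does.
function signJwt(header, payload, privateKey) {
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  return input + '.' + b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey));
}

// List the reasons an Authorization header fails GitHub's documented App-JWT rules.
function diagnoseAppJwt(authorization, publicKey, nowSec) {
  const match = /^Bearer (\S+)$/.exec(authorization);
  if (!match) return ['header is not "Bearer <jwt>"'];
  const parts = match[1].split('.');
  if (parts.length !== 3) return ['JWT does not have three dot-separated segments'];
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    if (!header || !payload || typeof payload !== 'object') throw new Error('not an object');
  } catch (e) {
    return ['header or payload is not base64url-encoded JSON'];
  }
  const problems = [];
  if (header.alg !== 'RS256') problems.push('alg must be RS256');
  if (!payload.iss) problems.push('iss (GitHub App ID) is missing');
  if (typeof payload.exp !== 'number') problems.push('exp is missing');
  else if (payload.exp <= nowSec) problems.push('exp is in the past');
  else if (payload.exp - nowSec > 600) problems.push('exp is more than 10 minutes ahead');
  if (typeof payload.iat === 'number' && payload.iat > nowSec) problems.push('iat is in the future');
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(parts[2], 'base64url')))
    problems.push('signature does not verify with the App public key');
  return problems;
}

// Constructed demo data: throwaway key pairs and a placeholder App ID.
const appKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const otherKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const head = { typ: 'JWT', alg: 'RS256' };
const samples = {
  valid: signJwt(head, { iat: now - 60, exp: now + 540, iss: '123456' }, appKey.privateKey),
  longLived: signJwt(head, { iat: now - 60, exp: now + 3600, iss: '123456' }, appKey.privateKey),
  noIssuer: signJwt(head, { iat: now - 60, exp: now + 540 }, appKey.privateKey),
  wrongKey: signJwt(head, { iat: now - 60, exp: now + 540, iss: '123456' }, otherKey.privateKey),
};
for (const [name, jwt] of Object.entries(samples))
  console.log(name, diagnoseAppJwt('Bearer ' + jwt, appKey.publicKey, now));
```

To check a real header, pass the value seen in the outbound HTTP log together with the public key that matches the private key configured for the JWT provider.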