OAuth 2.0 Client Credentials works in Postman but not from ServiceNow-to-ServiceNow (401 error)

dd31 · 3 weeks ago

Hi all,

I followed all the steps to set up OAuth 2.0 Client Credentials for a ServiceNow-to-ServiceNow integration:

In Instance A (target), created an OAuth Provider (Application Registry) with Client ID, Client Secret, and Redirect URL. Associated a user (with admin role) under OAuth application user.
In Instance B (caller), created an Application Registry to consume Instance A’s credentials (client id, secret, token URL, grant type = Client Credentials).
In Instance B, created a REST Message pointing to Instance A’s Table API, set Authentication type = OAuth 2.0
Clicked on Get OAuth Token — token is generated successfully.
But when I test the HTTP method (GET) in the REST Message, I get:

401 User Not Authenticated - Required to provide Auth information

VikMach · 3 weeks ago

@dd31, Ok. I achieved that also without using UserID and Password.
Step 1)
All that you need to do is, in your Target Instance from where you got your Client ID and Secret, ensure the "Default Grant type" is set to "Client Credentials" and "OAuth Application User" as your Rest User profile with right level of API access/roles. Like example below.
I gave my Rest User service account "snc_platform_rest_api_access" role. It allows access to Rest APIs:
- Table API
- Import Set API
- Aggregate API
- Attachment API

Step 2) In your source instance, from where you're calling the target instance for Token(s), ensure to set "Grant type" in your OAuth Entity Profile as "Client Credentials".
Save the record and go to your REST Message record and click on "Get OAuth Token" related link. It will auto fetch the "Access token" and "Refresh token".

I just tried and it worked for me!

Let me know if any issues.

Regards,
Vikas K

View solution in original post

Ankur Bawiskar · 3 weeks ago

@dd31

share the script you are using.

It should work fine

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

dd31 · 3 weeks ago

hi @Ankur Bawiskar

I have created a simple REST message using OAuth 2.0 for authentication and the GET HTTP method, targeting the table API of target ServiceNow instance. When I click 'Get OAuth Token,' it retrieves the token successfully, but when I click 'Test' under Related Links, it returns this message: {"error":{"message":"User Not Authenticated","detail":"Required to provide Auth information"},"status":"failure"} Method failed: (/api/now/table/sys_user) with code: 401 - Invalid username/password combo

Ankur Bawiskar · 3 weeks ago

@dd31

how it behaves when you run background script?

you should first get access token and then use that in actual API call.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

dd31 · 3 weeks ago

var clientId = "****";
var clientSecret = "**"; 
var tokenUrl = "https://*****.service-now.com/oauth_token.do";

var tokenRequest = new sn_ws.RESTMessageV2();
tokenRequest.setHttpMethod("post");
tokenRequest.setEndpoint(tokenUrl);
tokenRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

var tokenBody = "grant_type=client_credentials"
+ "&client_id=" + encodeURIComponent(clientId)
+ "&client_secret=" + encodeURIComponent(clientSecret);

tokenRequest.setRequestBody(tokenBody);

var tokenResponse = tokenRequest.execute();
var tokenStatus = tokenResponse.getStatusCode();
var tokenBodyResp = tokenResponse.getBody();

gs.info("Token Status: " + tokenStatus);
gs.info("Token Response: " + tokenBodyResp);

// Parse access token
var tokenJson = JSON.parse(tokenBodyResp);
var accessToken = tokenJson.access_token;
gs.info("Access Token: " + accessToken);

var apiUrl = "https://****.service-now.com/api/now/table/sys_user?sysparm_limit=5";
var apiRequest = new sn_ws.RESTMessageV2();
apiRequest.setHttpMethod("get");
apiRequest.setEndpoint(apiUrl);

apiRequest.setRequestHeader("Authorization", "Bearer " + accessToken);
apiRequest.setRequestHeader("Accept", "application/json");

var apiResponse = apiRequest.execute();
var apiStatus = apiResponse.getStatusCode();
var apiBody = apiResponse.getBody();

gs.info("API Status: " + apiStatus);
gs.info("API Response: " + apiBody);
gs.info("API Error Message: " + apiResponse.getErrorMessage());

Although i am able to retrieve the access token, but when i hit the main table api, i am getting exactly same error in background script, i tried on 2 of my personal PDIs, there also i am facing a similar issue.