Okta spoke and Oauth help
10-09-2023 09:10 AM
Has anyone had any success connecting to Okta using the Okta spoke with OAuth? We followed the instructions in the docs (https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-stor...) and we receive the OAuth token and it seems to be refreshing successfully. When I go into the Okta Spoke > Okta Groups application and click the 'get groups' button, the flow that runs doesn't work.
When I dig into it, the error it's getting is: Method failed: (/api/v1/groups) with code: 403 - Forbidden username/password combo
It's like it's not passing through the OAuth credentials and/or the header correctly.
10-10-2023 06:29 AM
I was able to duplicate most of the OAuth setup on a PDI with a dev Okta account (please allow the installation of the Okta spoke in PDIs 😞 ) and I think I know the issue. While the user had the correct scopes assigned in Okta, it also needed to be in the admin group(s) to do the operation. In my dev Okta, I added them to the Group Administrator role and then I was able to call the /groups endpoint successfully.
Haven't been able to try this with the systems that were failing in my original post yet, but I think this was the issue.
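An added example, not part of any post in this thread or of the Okta spoke: a small triage helper for the situation described above, where `/api/v1/groups` returns 403 even though a token is issued. It assumes the access token is a JWT that lists its scopes in an `scp` claim and that the scope needed is `okta.groups.read`; the token is constructed for the demo and its signature is not verified.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(scopes):
    """Build a constructed, unsigned JWT-shaped token (demo input only)."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    payload = _b64url(json.dumps({"scp": scopes}).encode())
    return f"{header}.{payload}.constructed-signature"


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(status: int, token: str, required_scope: str) -> str:
    """Separate 'scope missing from token' from 'scope present, still 403'."""
    if status != 403:
        return "not-a-403"
    scopes = decode_claims(token).get("scp", [])
    if isinstance(scopes, str):  # tolerate a space-delimited scope string
        scopes = scopes.split()
    if required_scope not in scopes:
        return "scope-missing"
    # Scope was granted, so look at the admin role of the user who
    # authorized the token, as the post above found.
    return "scope-present-check-admin-role"


if __name__ == "__main__":
    tok = make_sample_token(["okta.groups.read"])  # constructed sample
    print(triage(403, tok, "okta.groups.read"))
```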
02-04-2025 07:04 AM
I ran into a similar issue ... Only if the user in Okta who gets the token is an admin does it work properly... It does not make sense, as it should be using the app permissions... or am I missing something?