- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
I am unable to get a REST API token using ServiceNow OAuth. We are not yet on Zurich to make use of the MIC. I selected OAuth API endpoint for external clients. The token does not get issued when using Client ID and secret. We have Entra ID serving as our OIDC external provider, but only for SSO. There seems to be a redirect here, but this won't support REST API as far as I know.
Any help would be really appreciated.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
The resolution to this was the hidden OAuth Application User field in the form. No idea why it would be hidden (Yokohama P1).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Using grant_type=refresh_token i get the following - failedResponse should contain access_token | AssertionError: expected false to be true
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
The resolution to this was the hidden OAuth Application User field in the form. No idea why it would be hidden (Yokohama P1).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
I ran your REST API OAuth question through snowcoder ai. Here's what you need to know about implementing OAuth with REST APIs in ServiceNow.
**Setting Up OAuth for REST Messages**
When configuring a REST Message to use OAuth 2.0, you'll need to:
1. **Set the Authentication Type** to `oauth2` on your REST Message record
2. **Configure an OAuth Provider Profile** that points to your external service's token endpoint
3. **Link the profile** to your REST Message via the `oauth2_profile` field
**Getting and Managing Tokens**
ServiceNow provides the `sn_auth.GlideOAuthClient` class for token management. Here's a basic example for client credentials flow:
```javascript
var tokenRequest = new sn_auth.GlideOAuthClientRequest();
tokenRequest.setParameter('oauth_requestor_context', 'sys_rest_message');
tokenRequest.setParameter('oauth_requestor', restMessageSysId);
tokenRequest.setParameter('oauth_provider_profile', oauthProfileSysId);
var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.requestTokenByRequest(null, tokenRequest);
if (tokenResponse.getErrorMessage()) {
gs.error('OAuth failed: ' + tokenResponse.getErrorMessage());
} else {
var token = tokenResponse.getToken();
if (token && token.getAccessToken()) {
gs.info('Token acquired successfully');
}
}
```
**Checking Token Availability**
You can verify if a valid token exists before making calls:
```javascript
var oAuthClient = new sn_auth.GlideOAuthClient();
var token = oAuthClient.getToken(requestorSysId, oauthProfileId);
if (token && token.getAccessToken()) {
var expiresIn = token.getExpiresIn(); // seconds until expiration
gs.info('Token valid for ' + expiresIn + ' seconds');
}
```
**Common Pitfalls**
- Tokens can expire silently. Always check `getExpiresIn()` and refresh proactively with a buffer (60 seconds is common)
- If you're getting 401 errors, verify your client credentials are stored securely and the scope/audience parameters match what the external API expects
- For MID Server scenarios, use `tokenRequest.setMIDServer(midServerName)` if the OAuth plugin for MID is active
If you can share more specifics about what you're trying to integrate or any errors you're seeing, I can provide more targeted guidance.
_______________________________________
I used snowcoder ai to generate this. If you need to tweak the requirements, you can run it through their Yeti AI for free.
