Authenticating ServiceNow CLI for SSO customers

Andrew81
Kilo Contributor

‎08-25-2022 09:08 AM

The ServiceNow CLI only seems to support Basic Authentication and OAuth.  We auth to our instance using SSO and a third part IdP.  We do not support Basic Authentication (does anyone these days?)  How can i develop with the new UI Framework.

  • Do i need to setup an OAuth provider inside our instance and authenticate with that?
  • Do i need to setup my own Developer Instance with basic auth instead?
  • 1,046 Views
2 REPLIES 2

Nathan Stewart
Tera Contributor

‎02-29-2024 07:59 PM

@Andrew81 Did you ever find a solution to this issue?

The following ServiceNow developer article has a great breakdown on getting OAuth to generate a Bearer token using Postman via SSO (Entra ID proven in my case) but I cannot find any good detail on making the ServiceNow CLI (Or any other script that could leverage the REST API) utilise the option, The part 2 of this process deals with node.js and a locally hosted app which doesn't seem to suit my use case:

Inbound OAuth Auth Code Grant Flow Part 1 - Getting Started with Postman (servicenow.com)

0 Helpfuls

Antony J R
Tera Contributor

‎12-11-2024 11:56 AM - edited ‎12-11-2024 12:28 PM

Hello everyone, this is my first post. I found a solution, might be only relevant to at the time of writing, maybe ServiceNow folks fixed it. Its a irony because you gotta do a lot of code-fu to get it working.

First test if the official solution works for you,
1. Install ServiceNow SDK from Application Manager (Version 1.1 and above).
2. From the ServiceNow CLI, now-sdk auth save sn_login --type oauth


It should open a browser and you could login and copy the code and paste it in the cli prompt.

 

But if no browser window is opened then you gotta do some work (IMPORTANT: Please note that the following patch only useful when you can't see any browser opened for the auth flow), I could contribute the fix to ServiceNow but unfortunately they don't accept PRs for this. (I might be wrong, but can't find a repo only source code from npm).

 

Create a new directory, maybe NowSDK.

1. Create a new file called package.json and copy and paste this contents into it,

 

{
  "scripts": {
    "now": "now-sdk"
  },
  "dependencies": {
    "@servicenow/sdk": "^2.2.2",
    "@servicenow/sdk-cli-core": "^2.2.2"
  }
}

 

 

2. Install NPM Packages with, npm install

3. Edit the following file at node_modules/@servicenow/sdk-cli-core/dist/auth/OAuth/CodeGrant.js
4. Search for the following function in that file,

 

// On v2.2.2 its on line 27
const initOAuthFlow = async (host, logger) => {
  ...
}

 

5. Add this line after the authorizationUri variable, something like this,

 

// Don't update this variable, just print it.
const authorizationUri = client.authorizationUrl({
            state,
            redirect_uri: redirectUri,
            code_challenge: codeChallenge,
            code_challenge_method: 'S256',
}); // AGAIN, DON"T UPDATE THIS LINE 
// Add the following line to print out the Authorization URI.
logger?.info(`If web browser is not opened, please open this url in your browser: ${authorizationUri}`);

 

 

Now go to the top of the directory, (i.e) NowSDK then simply run,

 

npm run now -- auth save sn_login --type oauth

 

 

It will now print a Authorization URI, open that URI in your browser, login and you will get this page which you can copy the token from,

AntonyJR_0-1733946299246.png

 

and paste it in the CLI.

 

And Now you should be able to use Now SDK CLI with SSO. I hope ServiceNow starts accepting PRs so that issues like this can be fixed faster.

BONUS: If you get Invalid Scope name, you need to start your application scope with the vendor which is different for every instance, you can however try with x_snc_your_appscope and it will error out with it must start with "x_yourvendercode_".

0 Helpfuls