Connect to Azure App Registration using OAuth application registry

jxsaxton421
Tera Guru

Hello,

My company has an application service in Azure to host some of our internal APIs. I am trying to add an integration from ServiceNow and keep getting a 401 Unauthorized even though it looks like I am successfully getting a token using the OAuth profile on the application registry.

We were able to configure it in Postman. The client secret and client ID came from the application. We are using the login.microsoftonline.com/mycompany/oauth/v2/token endpoint for the access token URL. It still wasn't working with our request and was giving us the 401. We then noticed that there is a "resource" in Postman where we ended up putting the URL for the app service in Azure, and we then were able to get a 200 response code.

I have been reading articles and this makes me wonder if you have to change the app service authentication in Azure to include the redirect URL into ServiceNow, and tell it to grant tokens.

https://docs.servicenow.com/bundle/paris-hr-service-delivery/page/product/sn-teams/task/setup-azure-app-ms-teams.html

However, it does work in Postman, so I doubt that is really necessary.

This LCHH was helpful, but I think some things have changed on the Microsoft side since 2017.

https://www.youtube.com/watch?v=fVLeB2tARus

 

Note: This is the same problem this user experienced, where the "audience" field in OAuth doesn't seem to be in ServiceNow at this time and the product team needs to figure out how to add that.

Anyone else that has connected to an app service hosted in Azure might be able to give me a pointer on what I might be missing?

I have also read about admin consent, but I'll have to check on that.

Update: 

So I decided to try to create my own Azure App registration. This article from the docs site makes me think that I should be giving admin consent to their app registration. 

https://docs.servicenow.com/bundle/paris-it-asset-management/page/product/software-asset-management2/task/create-azure-ad-app.html

However, I don't need to do anything like that to get Postman to work. So I am not sure what I might be doing wrong. 

I was trying to create my own app service, but I am not sure how to implement my own API for testing to see if I can authenticate with the service.

Yeah, when I built an integration with MS Graph for Outlook, it looked somewhat like this:

find_real_file.png

Richard Hine
Tera Guru

Josh,

If you are able to successfully retrieve a token, you can paste it into https://jwt.ms and see what roles it has been given.

It will need permissions set under your application registration and likely will need admin grant on it too.

Once you have the token, the MS APIs will expect it to be presented in the Authorization header of the request as 'Bearer <token>'.

You will need to give the OAuth provider any scopes you wish to use and then select the one you want to use in the entity profile. Just as a little gotcha, MS do not allow multiple scopes in the same profile.

Hope this helps, I can post screenshots of working examples if required...

Thanks,

Richard
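
The claims can also be inspected locally. The following is an added example, not part of the original posts: it decodes a token's payload and flags the causes of a 401 raised in this thread (an `aud` claim that is not the app service, no `roles` or `scp` granted), plus expiry. The API URL, the role name and the sample token are constructed placeholders.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Return the payload claims of a JWT WITHOUT verifying its signature.
    For diagnosis only; the API itself must still validate the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def diagnose(token, expected_audience, now=None):
    """List the reasons a resource API would likely answer 401 for this token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    # Compare without trailing slashes so "https://x/" matches "https://x".
    if expected_audience.rstrip("/") not in [str(a).rstrip("/") for a in audiences]:
        problems.append(f"aud is {aud!r}, API expects {expected_audience!r}")
    if not claims.get("roles") and not claims.get("scp"):
        problems.append("no roles or scp claim: no permission granted/consented")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


def make_sample(claims):
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    api = "https://myapp.example.net"  # placeholder for the app service URL
    token = make_sample({"aud": "https://other.example.net", "exp": 1})
    for line in diagnose(token, api) or ["claims look consistent with the API"]:
        print(line)
```
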

It might be a scope permission. Thanks for the suggestion.