RESTful API - OAuth grant_type password - 401 - User Not Authenticated error

hz2
Tera Expert

I have configured OAuth with grant_type password in Production and all is working well. I have restored Production to Dev and am now attempting to get the same programmatic access to the dev instance, but it's not working. I have no idea why. I get 401 on dev, but not on prod.

 

Steps:

1) Request token

POST https://{instance}.service-now.com/oauth_token.do
Content-Type: application/x-www-form-urlencoded
grant_type=password
&client_id={client_id}
&client_secret={client_secret}
&username={username}
&password={password}

2) Get data from tables

GET https://{instance}.service-now.com/api/now/table/cmdb_ci_business_app?sysparm_limit=10
Accept: application/json
Authorization: Bearer {token from previous step}
Result
HTTP/1.1 401 Unauthorized
{"error":{"message":"User Not Authenticated","detail":"Required to provide Auth information"},"status":"failure"}
 
 
 
Things I have checked:
a) The exact scenario works in Production instance but not in dev. Dev is a clean restore from Production.
 
b) The user has access to the tables. I'm able to log in to the ServiceNow UI with the same username/password and all works well. The user is able to access the tables in question. N.B. To log in I disable "Web service access only".
 
c) I am able to get programmatic access to the data using Basic authentication with the same username/password as above. I just replace step 2 with this:
 
GET https://{instance}.service-now.com/api/now/table/cmdb_ci_business_app?sysparm_limit=10
Authorization: Basic {base64encoded username/password}
 
d) I looked at Manage Tokens and all looks good. The token is valid and is linked to the correct user (oauthuser).
 
 
 
What am I missing? What else should I look at?
 
*** EDITED ***
I've looked at the logs and found this:
Error  iss claim is required to authenticate with an id_token: no thrown error  com.glide.ui.ServletErrorListener
Error  Exception while decoding JWT. Invalid JWT serialization: Missing dot delimiter(s): no thrown error  com.glide.ui.ServletErrorListener
Error  Exception while decoding JWT. Invalid JWT serialization: Missing dot delimiter(s): no thrown error  com.glide.ui.ServletErrorListener

 

Any ideas of where to look next? 

One thing I've noticed is that the token from dev has more non-alpha characters such as / + == and prod only has - and _. Should I encode the token before sending the request?

e.g. of dev token: AAAAAAA/BBBBBB+cc+DDDDDDDDDDD+EEEEEE==

e.g. of Prod token: AAAAAAAAAAAAAAA-BBBBBBBBBB_CCCCCC
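
Added example, not part of the original post: a Python check of how the two token shapes quoted above behave in an `Authorization: Bearer` header versus an unencoded form body or query string, using the `b64token` grammar from RFC 6750 section 2.1 and the two-dot shape of a compact JWT. The function name `inspect_bearer` is hypothetical and the tokens are the placeholder values from the post.

```python
import re
from urllib.parse import parse_qs, urlencode

# RFC 6750 section 2.1:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")

# Placeholder tokens copied from the post (not real credentials).
DEV_TOKEN = "AAAAAAA/BBBBBB+cc+DDDDDDDDDDD+EEEEEE=="
PROD_TOKEN = "AAAAAAAAAAAAAAA-BBBBBBBBBB_CCCCCC"


def inspect_bearer(token):
    """Report how a token string behaves in the places a client may put it."""
    # What a server recovers if the token is pasted unencoded into an
    # application/x-www-form-urlencoded body or a query string.
    raw_form = parse_qs("t=" + token, keep_blank_values=True)["t"][0]
    return {
        # Legal as-is after "Authorization: Bearer " (no encoding needed).
        "header_safe": bool(B64TOKEN.match(token)),
        # A compact JWT has exactly two "." delimiters; a JWT decoder fed
        # anything else reports missing dot delimiters.
        "jwt_shaped": token.count(".") == 2,
        # "+" decodes to a space in form/query data, silently changing the token.
        "survives_raw_form": raw_form == token,
        # Percent-encoded value to use if the token must go in a body or query.
        "form_encoded": urlencode({"t": token})[2:],
    }


if __name__ == "__main__":
    for name, tok in (("dev", DEV_TOKEN), ("prod", PROD_TOKEN)):
        print(name, inspect_bearer(tok))
```

Both shapes are valid header values unchanged; only the dev-style token is altered when it travels unencoded through form or query data, and neither is JWT-shaped.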

3 REPLIES

Richard Hine
Tera Guru

HZ,

I was able to replicate your issue. I think you are presenting the refresh_token and not the access_token as the Bearer value when making the GET request.

Hope this helps,

Richard

I double checked and I don't think that's the case.

In response to the token request I get this:

{
    "access_token": "ABCDE",
    "refresh_token": "123456",
    "scope": "useraccount",
    "token_type": "Bearer",
    "expires_in": 1799
}
 
I am definitely getting the value from access_token and using it as the bearer token, without any encoding or value manipulation.

Jason Brough2
Tera Contributor

Hi, did you ever manage to work out what the issue was?