Some tables accessible via Basic Auth are not accessible via OAuth
04-26-2023 12:39 PM
Hello,
When I look at the list of tables that I can access via Basic Auth and OAuth, there is a discrepancy.
When using OAuth, the error returned is 403 - User Not Authorized, and I cannot access the following 4 tables:
- sys_home
- sys_template
- sys_ux_page_property
- sys_ux_page_registry
I assumed that, irrespective of the authentication method, the tables the user has access to would remain the same. Is this a configuration issue? Or am I missing something?
Is there any way to resolve this? Appreciate any pointers.
Thank you!
Shishir
04-26-2023 02:06 PM
The discrepancy you're encountering when accessing tables with Basic Auth and OAuth may be due to the different scopes and permissions associated with the access tokens. OAuth provides more fine-grained control over what resources an application can access on behalf of the user.
Here's a brief overview of both authentication methods:
- Basic Auth: This authentication method relies on a username and password to authenticate a user. When using Basic Auth, the user's permissions are directly tied to the account, and there's no separation between user and application access.
- OAuth: This method involves issuing an access token to an application, which can then be used to authenticate API calls on behalf of the user. OAuth allows for more granular control over what resources an application can access by using scopes.
The reason you are encountering a 403 - User Not Authorized error when using OAuth might be due to insufficient or missing scopes in the OAuth application configuration. To resolve this issue, follow these steps:
- Navigate to "System OAuth > Application Registry" in ServiceNow.
- Find and open the OAuth application that you're using for API access.
- Check the "Scopes" field and ensure that it contains the necessary scopes to access the tables you're trying to query. If the required scopes are missing, add them to the list. For example, to access the 'sys_home' table, you may need to add a custom scope like 'sys_home.read' or use an existing scope that covers the required access, like 'x_rest_api.read'.
- Save the changes and regenerate the access token for your application.
- Use the new access token in your API calls to access the tables.
If the issue persists, ensure that the user associated with the access token has the necessary roles and permissions to access those tables in ServiceNow. You might need to adjust the user's roles or create custom roles that grant the necessary permissions.
Best practices suggest using OAuth for API access, as it offers better security and control over application access compared to Basic Auth.
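To pin down exactly which tables behave differently under the two authentication methods discussed in this thread, the following is an added example and not part of either post. It probes each table through the Table API (`/api/now/table/<table>` with `sysparm_limit=1`) once with a Basic header and once with a Bearer token, and returns only the mismatches. The instance URL, credentials, token and the `fake_fetch` stand-in are constructed placeholders so the script runs offline.

```python
import base64
import urllib.error
import urllib.request

# The four tables named in the question.
TABLES = ["sys_home", "sys_template", "sys_ux_page_property", "sys_ux_page_registry"]


def basic_header(user, password):
    """Build the Authorization header value for HTTP Basic authentication."""
    raw = f"{user}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def http_status(url, auth_header):
    """Return the HTTP status of a GET carrying the given Authorization header."""
    req = urllib.request.Request(
        url, headers={"Authorization": auth_header, "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403 arrive as exceptions; the code is what we want


def compare_access(instance, tables, basic, bearer, fetch=http_status):
    """Probe each table once per auth method and return only the mismatches."""
    diff = {}
    for table in tables:
        url = f"{instance}/api/now/table/{table}?sysparm_limit=1"
        a, b = fetch(url, basic), fetch(url, bearer)
        if a != b:
            diff[table] = {"basic": a, "oauth": b}
    return diff


def fake_fetch(url, auth_header):
    """Constructed stand-in for a live instance, reproducing the thread's symptom."""
    blocked = any(f"/table/{t}?" in url for t in TABLES)
    return 403 if blocked and auth_header.startswith("Bearer ") else 200


if __name__ == "__main__":
    report = compare_access(
        "https://example.service-now.com",        # placeholder instance
        TABLES + ["incident"],
        basic_header("api.user", "placeholder"),  # placeholder credentials
        "Bearer PLACEHOLDER_TOKEN",               # placeholder access token
        fetch=fake_fetch)                         # drop this argument to query a real instance
    for table, codes in sorted(report.items()):
        print(f"{table}: basic={codes['basic']} oauth={codes['oauth']}")
```

Running the same comparison before and after a configuration change shows whether that change actually closed the gap for each table.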