Suppressing Authentication on Flow Action REST Step

JussiV · ‎01-31-2022

I am pulling data from the VMware vCenter API, which uses basic authentication for the initial call and subsequently can use an API session key instead of continuing to use the basic auth and my customer wishes to start using the API token and drop the basic auth for anything but the first call. When using the API key VMware requires it to be provided in a custom header.

For connecting to the API a connection & credential alias has been set up and I am able to retrieve the token just fine, but for the subsequent API calls I'm unable to prevent the REST step from digging up the connection credentials and sending out the basic Authorization header.

On the REST step Request Details section I can add headers and I am able to override the generation of the basic auth header if I manually add the Authorization header on the request details; Whatever value I put there goes out with the request, even if I leave it empty. On the header details one can select the "Omit if empty" tickbox.

This sounded like a perfect way to suppress the generation of the basic auth, but alas, the implementation then falls back to the credentials given on the connection and overrides my Authorization header override.

I'm thinking that there is a design flaw here. If I explicitly override the Authorization header on my request details for whatever reason and then set to omit the header when empty, I don't think the automation should fall back to the built-in logic as if I never provided the header at all. In the end I'm interested in whether there is some other way to achieve what I'm trying to do and also whether SNC would consider this as an improvement idea for the inner workings of the REST step.

JussiV · ‎04-01-2022

As it stands, it is not possible to suppress the automatic authentication if one uses a connection alias with related basic credentials to build the REST details automatically, the only way is to construct the REST step details manually. According to the support this is as designed, so an idea was submitted to the idea portal.

Looking at the Custom Authentication Algorithms, it looks like a custom authentication script could be a solution, but these scripts don't seem to be documented and a quick attempt to create one didn't work out as expected, so a documentation request was created as well.

Long story short, no simple solution exists and the workaround is to discard all authentication automation in favour of doing it manually from scratch.

View solution in original post

ServiceNow Tec2 · ‎04-01-2022

This has been resolved by ServiceNow Technical Support. Please refer to KB0861764 for more information.

ServiceNow Tec2 · ‎04-01-2022

This has been resolved by ServiceNow Technical Support. Please refer to KB0547257 for more information.

JussiV · ‎04-01-2022

As it stands, it is not possible to suppress the automatic authentication if one uses a connection alias with related basic credentials to build the REST details automatically, the only way is to construct the REST step details manually. According to the support this is as designed, so an idea was submitted to the idea portal.

Looking at the Custom Authentication Algorithms, it looks like a custom authentication script could be a solution, but these scripts don't seem to be documented and a quick attempt to create one didn't work out as expected, so a documentation request was created as well.

Long story short, no simple solution exists and the workaround is to discard all authentication automation in favour of doing it manually from scratch.