How to generate oauth token with grant type=client_credentials in service now

ChethanB4037292 · ‎05-01-2025

How to generate oauth token with grant type=client_credentials in service now, When I tried with System Oauth-> Application registery -> New -> w/o redirecting url . Still when I make curl post with grant_type=client_credentials and respective client Id ,secret it throws 401 unauthorized error, but when I tried with grant_type=password and username,password along with client id,secret I can able to generate bearer token. I want to generate with grant_type=client credentials.

Thanks in advance.

AndersBGS · ‎05-02-2025

Hi @ChethanB4037292 ,

Please read this articles. Based on the information provided I made it work: https://sapphirenow.dev/post/oauth-part-2/ and https://sapphirenow.dev/post/wdc-oauth-part-1/

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

_ukasz Rybicki · ‎05-02-2025

Steps

Install required plugins
- Ensure these are active: OAuth 2.0 (com.snc.platform.security.oauth), REST API Provider (com.glide.rest), Authentication Scope (com.glide.auth.scope), REST API Auth Scope Plugin (com.glide.rest.auth.scope) (ServiceNow).
Enable Client Credentials grant
- In System Properties (sys_properties.list), create/update:
```
Name: glide.oauth.inbound.client.credential.grant_type.enabled  
Type: true|false  
Value: true
```
- Default = false; must be true to allow this flow (ServiceNow).
Create OAuth client registry entry
- Navigate to System OAuth > Application Registry > New
- Select Create an OAuth API endpoint for external clients, fill Name, Client ID/Secret (redirect URLs optional), and save (ServiceNow).
Add & set OAuth Application User
- On the registry form: Configure → Form Layout, add OAuth Application User (reference sys_user), save.
- Populate with an active user having required roles (e.g. admin) (ServiceNow Support).

Request the token

curl -X POST "https://<instance>.service-now.com/oauth_token.do" \
  -H "Authorization: Basic $(echo -n '<CLIENT_ID>:<CLIENT_SECRET>' | base64)" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials"

– returns JSON { "access_token":"…","token_type":"Bearer","expires_in":… } (ServiceNow).

Troubleshooting

401 Unauthorized → verify the system property is true and OAuth Application User is set/active (ServiceNow Support).
Scopes → optionally include &scope=<scope1> <scope2> in the POST body if you’ve defined API Auth Scopes.

Sources

Up your OAuth2.0 Game in Washington DC with Inbound Client Credentials, ServiceNow Community Blog – plugin & registry setup (1.2 yrs) (ServiceNow)
Create the Client Credentials system property, ServiceNow Docs – how to enable glide.oauth.inbound.client.credential.grant_type.enabled (1.3 yrs) (ServiceNow)
Client Credentials grant type for Inbound OAuth is supported, ServiceNow KB KB1645212 – confirms need for OAuth Application User (11 mos) (ServiceNow Support)
SOLVED: OAuth 2.0 Access Denied, ServiceNow Community – curl example using grant_type=client_credentials (7 mos) (ServiceNow)

ChethanB4037292 · ‎05-03-2025

Hi @AndersBGS , nice it was very helpful thanks!!!

One more query I have, how to validate the oauth bearer token recieving from external system in service now, I tried with enable require authentication for scripted rest api but it always says 401 even I pass with valid oauth bearer token (Authorization: Bearer {token}) in header.

ChethanB4037292 · ‎05-03-2025

Hi @_ukasz Rybicki ,

thanks for the help really appreciate that.!!!

One more query I have, how to validate the oauth bearer token recieving from external system in service now, I tried with enable require authentication for scripted rest api but it always says 401 even I pass with valid oauth bearer token (Authorization: Bearer {token}) in heade