
OAuth Setup

MicheleM1030455
Giga Contributor

Hello everyone,

I am trying to configure a Spoke that gets its authentication from Auth0, an identity provider.

The issue is that in the request, besides the client id and the client secret, 2 additional fields are requested: grant_type and audience.

So my question is: how can I configure the request to the OAuth server to include the 2 additional parameters?

For a Spoke, is this the right approach for getting the token and then using the token for the REST calls? 

Thanks!

#spoke #spokeGenerator 

M Iftikhar
Tera Sage

Hi @MicheleM1030455,

By default, ServiceNow sends only the standard parameters (client_id, client_secret, grant_type, code, redirect_uri). If your IdP requires additional parameters such as audience, you need to add them manually.

How to add custom parameters (e.g., audience)

ServiceNow lets you do this using the OAuth API Script field in the OAuth Provider record.
Create a Script Include that extends the OAuth flow and injects extra parameters into the token request.

Example:

var CustomAuth0Provider = Class.create();
CustomAuth0Provider.prototype = Object.extend(new sn_auth.GlideOAuthProvider(), {
    // Build the default token request first, then append the extra parameter.
    getTokenRequest: function(request) {
        request = sn_auth.GlideOAuthProvider.prototype.getTokenRequest.call(this, request);
        // Placeholder value: replace with the API identifier configured in Auth0.
        request.addParameter("audience", "https://your-api-identifier/");
        return request;
    }
});

Then select this Script Include in the OAuth API Script field.
ServiceNow will now include audience (or any other fields you add) in the outgoing token request.


Is this the right approach for a Spoke?

Yes.
For a custom Spoke:

  1. Configure an OAuth Provider

  2. The Spoke’s REST actions use that provider automatically

  3. The token is retrieved once, stored in the credential table, and reused until it expires

  4. Auth0’s Authorization Code and Client Credentials grants are both fine, depending on your use case

If my response helped, please mark it as the accepted solution so others can benefit as well. 

Thanks & Regards,
Muhammad Iftikhar
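The flow the reply describes (a client-credentials token request that carries audience, fetched once and reused until it expires), sketched in plain JavaScript as an added example; it is not part of the reply and is not ServiceNow or Auth0 code. The tenant URL, client values, and the send/now helpers are assumptions, and redactForLog shows how to inspect the outgoing request while debugging without writing the client secret to a log.

```javascript
// Added example in plain JavaScript; all values below are constructed placeholders.
const SAMPLE_CFG = {
  tokenUrl: 'https://tenant.example/oauth/token',
  clientId: 'constructed-client-id',
  clientSecret: 'constructed-secret',
  audience: 'https://your-api-identifier/',
};

// Form body for a client-credentials token request, including "audience".
function buildTokenRequest(cfg) {
  for (const k of ['tokenUrl', 'clientId', 'clientSecret', 'audience']) {
    if (!cfg[k]) throw new Error('missing ' + k);
  }
  if (!cfg.tokenUrl.startsWith('https://')) throw new Error('token URL must be https');
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    audience: cfg.audience,
  });
  return { url: cfg.tokenUrl, body: body.toString() };
}

// Copy of the body with the secret masked, safe to write to a debug log.
function redactForLog(body) {
  const p = new URLSearchParams(body);
  if (p.has('client_secret')) p.set('client_secret', '***');
  return p.toString();
}

// Fetch once, then reuse the token until shortly before expires_in runs out.
// send(url, body) is a hypothetical injected transport returning parsed JSON;
// now() returns the current time in milliseconds.
function createTokenSource(cfg, send, now, skewSec = 30) {
  let cached = null;
  return function getToken() {
    if (cached && now() < cached.notAfter) return cached.token;
    const req = buildTokenRequest(cfg);
    const res = send(req.url, req.body);
    if (!res || !res.access_token || !(res.expires_in > 0)) {
      throw new Error('token endpoint returned no usable token');
    }
    const lifetimeMs = Math.max(res.expires_in - skewSec, 0) * 1000;
    cached = { token: res.access_token, notAfter: now() + lifetimeMs };
    return cached.token;
  };
}
```
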