OAuth Setup

MicheleM1030455
Tera Contributor

Hello everyone,

I am trying to configure a Spoke that gets its authentication from Auth0, an identity provider.

The issue is that in the request, besides the client id and the client secret, 2 additional fields are requested: grant_type and audience.

So my question is: how can I configure the request to the OAuth server to include the 2 additional parameters?

 

For a Spoke, is this the right approach for getting the token and then using the token for the REST calls? 

Thanks!

#spoke #spokeGenerator 


M Iftikhar
Tera Sage

Hi @MicheleM1030455,

By default, ServiceNow sends only the standard parameters (client_id, client_secret, grant_type, code, redirect_uri). If your IdP requires additional parameters such as audience, you need to add them manually.

How to add custom parameters (e.g., audience)

ServiceNow lets you do this using the OAuth API Script field in the OAuth Provider record.
Create a Script Include that extends the OAuth flow and injects extra parameters into the token request.

Example:

var CustomAuth0Provider = Class.create();
CustomAuth0Provider.prototype = Object.extend(new sn_auth.GlideOAuthProvider(), {
    getTokenRequest: function(request) {
        request = sn_auth.GlideOAuthProvider.prototype.getTokenRequest.call(this, request);
        request.addParameter("audience", "https://your-api-identifier/");
        return request;
    }
});

Then select this Script Include in the OAuth API Script field.
ServiceNow will now include audience (or any other fields you add) in the outgoing token request.


Is this the right approach for a Spoke?

Yes.
For a custom Spoke:

  1. Configure an OAuth Provider

  2. The Spoke’s REST actions use that provider automatically

  3. The token is retrieved once, stored in the credential table, and reused until it expires

  4. Auth0’s Authorization Code and Client Credentials grants are both fine, depending on your use case

If my response helped, please mark it as the accepted solution so others can benefit as well. 

Thanks & Regards,
Muhammad Iftikhar

Thanks for the answer!
However, it seems that the script does not trigger, since I get this from ServiceNow (I have a fake server just for debugging).
How can I enable the Script in order to modify the request? 

Body: {
  grant_type: 'client_credentials',
  client_secret: 'test',
  client_id: 'Test'
}

 

Hi @MicheleM1030455 ,
If the script isn’t triggering, please check these quick points:

  • Make sure your Script Include is selected in OAuth API Script on the provider.

  • Set the Script Include to Accessible from: All application scopes.

  • Add a quick gs.info() inside getTokenRequest() to confirm it’s running.

If my response helped, please mark it as the accepted solution so others can benefit as well.

Thanks & Regards,
Muhammad Iftikhar
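
A way to check the captured token request on a debug server like the one mentioned above, as an added example that is not part of any reply in this thread and is not ServiceNow or Auth0 code. It assumes the required parameter list named in the question; the function names, the redaction list and the sample bodies are constructed for illustration.

```javascript
// Parameters the question says the Auth0 token request needs (assumption
// taken from this thread: client id, client secret, grant_type, audience).
const REQUIRED_PARAMS = ['grant_type', 'client_id', 'client_secret', 'audience'];
// Values that should never be written to a debug log verbatim.
const SECRET_PARAMS = new Set(['client_secret', 'code', 'refresh_token']);

// Parse a token request body sent as form-urlencoded text or as JSON text.
function parseTokenRequestBody(rawBody, contentType) {
  if ((contentType || '').toLowerCase().includes('application/json')) {
    const parsed = JSON.parse(rawBody);
    return Object.fromEntries(
      Object.entries(parsed).map(([name, value]) => [name, String(value)])
    );
  }
  return Object.fromEntries(new URLSearchParams(rawBody));
}

// Report which required parameters are absent or empty, plus a log-safe copy.
function inspectTokenRequest(rawBody, contentType) {
  const params = parseTokenRequestBody(rawBody, contentType);
  const missing = REQUIRED_PARAMS.filter((name) => !params[name]);
  const redacted = {};
  for (const [name, value] of Object.entries(params)) {
    redacted[name] = SECRET_PARAMS.has(name) ? '[redacted]' : value;
  }
  return { ok: missing.length === 0, missing, redacted };
}

// Constructed sample bodies: the first mirrors the request shown in the thread
// (no audience), the second is what should arrive once the parameter is added.
const FORM = 'application/x-www-form-urlencoded';
const withoutAudience = 'grant_type=client_credentials&client_secret=test&client_id=Test';
const withAudience = withoutAudience + '&audience=' +
  encodeURIComponent('https://your-api-identifier/');

console.log(inspectTokenRequest(withoutAudience, FORM));
console.log(inspectTokenRequest(withAudience, FORM));
```

Calling inspectTokenRequest from the debug server's request handler and logging only the redacted field keeps the client secret out of the debug output.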