Setting up a JWT token in the ServiceNow instance

The token must be in JWT format with a user identifier. Create a OAuth Entity record and include the third party's well-known configuration to validate the token signature on the ServiceNow instance.

Setting up a JWT token with public keys from a third-party website

A JWT token can be created on your third-party website. It’s validated if the third party provides the public key used for the token's signature using a JSON Web key Set (JWKS) URI and a well-known configuration URL.

To achieve this, two public URLs can be created. The first URL can provide the public key information. The second URL serves as the metadata or well-known configuration URL, referencing the URL of the public key under the jwks_uri attribute. Once these URLs are set up, ServiceNow instance can be configured to accept third-party tokens generated by a third-party OIDC provider. For more information, see Configure an OAuth OIDC provider for accepting third-party token.

Setting up JWT token with public key hosting on ServiceNow

A JWT token can also be issued from a third-party site. If you’re unable to provide a JWKS URI and a well-known configuration, an alternative involves uploading the public key directly to the ServiceNow instance. Additionally, public-scripted REST APIs can be implemented to replicate the output of a well-known configuration endpoint. In such cases, the public key must be accessible through a public-scripted REST endpoint within the ServiceNow instance.