JSON Web token grant workflow

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Configuring an OAuth JSON Web Token (JWT) bearer grant secures token-based authentication without user interaction.

    Before you begin

    Role required: oauth_admin, mi_admin, admin

    About this task

    The client application generates a signed JWT with identity-related claims such as the user or system it represents. The client application sends the JWT to the ServiceNow instance to request an access token.
    • When acting on behalf of a user:
      The token represents a previously authenticated user. It enables secure, seamless access without prompting the user for credentials or consent. ServiceNow trusts the request by validating the user's identity from the signed token, eliminating the need for real-time user interaction.
    • When acting as itself:
      The token identifies and authenticates the client application. Instead of using a shared secret, the application signs the token with a private key. This offers a more secure alternative to the client credentials grant.
    Figure 1. JWT Grant workflow

    Procedure

    1. The client application sends a token request to ServiceNow that includes a JWT signed with its private key.
    2. ServiceNow validates the JWT using the corresponding public key.
      It maps the sub (subject) claim in the token to a sys_user record.
    3. ServiceNow validates the JWT and issues the access token.
    4. The client includes the access token in its API requests to ServiceNow.
    5. ServiceNow validates the access token and returns the appropriate API response.
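The five steps above, worked through end to end as an added example; this is not ServiceNow code and not taken from the page, and it simplifies both sides. The claim set (sub, aud, exp, jti), the instance URL, the sys_user table and the opaque access-token format are all assumptions of the example; ServiceNow's actual required claims and token endpoint are not modelled. What it shows that the list alone does not: the client signs with its private key and the instance verifies with only the public key (step 1 and 2), the alg header is pinned to RS256 so an unsigned or HMAC-signed token cannot pass, audience and expiry are checked before the sub claim is trusted, each assertion can be redeemed only once (jti replay cache), and an unknown sub yields no access token even though the signature is valid (step 3).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is a constructed claim set (RFC 7523 bearer fields); ServiceNow's own required claims are not modelled.
type Claims struct {
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"` // Unix seconds
	Jti string `json:"jti"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// clientKey is the client application's key pair; only clientKey.PublicKey would be registered on the instance.
var clientKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// Step 1: the client serialises the claims and signs them (RS256) with its private key.
func BuildAssertion(priv *rsa.PrivateKey, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c) // plain strings and ints: cannot fail
	input := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64(sig), nil
}

var seenJTI = map[string]bool{} // replay cache: an assertion may be redeemed once

// Step 2: verify the signature with the registered public key, then check alg, aud, exp and jti.
func ValidateAssertion(pub *rsa.PublicKey, token, expectedAud string, now int64) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed JWT")
	}
	var hdr map[string]string
	h, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(h, &hdr) != nil || hdr["alg"] != "RS256" {
		return c, errors.New("alg must be RS256") // rejects alg=none and HMAC key-confusion tokens
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return c, errors.New("signature does not verify against the registered public key")
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(body, &c) != nil {
		return c, errors.New("bad payload")
	}
	switch {
	case c.Aud != expectedAud:
		return c, errors.New("audience mismatch")
	case now >= c.Exp:
		return c, errors.New("assertion expired")
	case c.Jti == "" || seenJTI[c.Jti]:
		return c, errors.New("missing or replayed jti")
	}
	seenJTI[c.Jti] = true
	return c, nil
}

// Constructed sys_user table (sub claim -> placeholder record id) and the server-side access-token store.
var users = map[string]string{"abel.tuter": "sys_user:0001"}
var issued = map[string]struct{ user string; exp int64 }{}

// Step 3: map sub to a sys_user record and issue an opaque, short-lived bearer token.
func IssueAccessToken(sub string, now int64) (string, error) {
	user, ok := users[sub]
	if !ok {
		return "", errors.New("sub does not map to a sys_user record")
	}
	raw := make([]byte, 32)
	rand.Read(raw) // crypto/rand: the token value is random, not derived from the user
	tok := b64(raw)
	issued[tok] = struct{ user string; exp int64 }{user, now + 1800}
	return tok, nil
}

// Step 5: validate the bearer token presented on an API request and resolve the user it was issued to.
func ValidateAccessToken(tok string, now int64) (string, error) {
	at, ok := issued[tok]
	if !ok || now >= at.exp {
		return "", errors.New("invalid or expired access token")
	}
	return at.user, nil
}

func main() {
	aud, now := "https://example.service-now.com", time.Now().Unix() // placeholder instance URL
	jwt, _ := BuildAssertion(clientKey, Claims{Sub: "abel.tuter", Aud: aud, Exp: now + 300, Jti: "demo-1"})
	claims, err := ValidateAssertion(&clientKey.PublicKey, jwt, aud, now)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	tok, _ := IssueAccessToken(claims.Sub, now)
	fmt.Println(ValidateAccessToken(tok, now)) // step 4: the client presents tok as a bearer token
}
```

Two design points carry over to a real deployment. The assertion is verified with the public key only, so the instance never holds anything that could mint assertions; if the client's private key is rotated, only the registered public key changes. The access token is opaque and stored server-side, so the long-lived signing key is used once per grant rather than on every API call, and a leaked access token expires on its own schedule (30 minutes here, an assumption) without involving the client key at all.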