JSON Web Token bearer grant
Use this flow when a client application needs secure, unattended access to ServiceNow resources, either as itself or on behalf of a user.
The client application generates a signed JWT that includes identity-related claims, such as the user or system it represents. It then sends the JWT to the ServiceNow instance to request an access token.
JWT Structure
The JWT must be signed using the client’s private key. It must include the following standard claims:
- iss – Issuer (client ID)
- sub – Subject (user or system identity)
- aud – Audience (ServiceNow token endpoint)
- exp – Expiration time
- iat – Issued at
Note:
ServiceNow uses the public key (uploaded in the OAuth JWT profile) to validate the signature and maps the sub claim to a user record.
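The following is an added example, not ServiceNow code: it builds an assertion with the five claims listed above, signs it with the client's private key, and runs the checks a receiving endpoint would make with the matching public key. The RS256 algorithm, the 300-second lifetime, the function names and every sample value (client ID, user name, endpoint URL, key pair) are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const decode = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Client side: build the assertion with the five required claims and sign it.
// RS256 and the 300-second lifetime are assumptions, not values from the page.
function buildAssertion({ clientId, subject, audience, privateKey, now, ttl = 300 }) {
  const header = { alg: "RS256", typ: "JWT" };
  const claims = { iss: clientId, sub: subject, aud: audience, iat: now, exp: now + ttl };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign("sha256", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Receiving side (illustrative): pin the algorithm, verify the signature with the
// registered public key, and only then trust iss, aud, iat, exp and sub.
function verifyAssertion(jwt, { publicKey, clientId, audience, now }) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = decode(h);
    claims = decode(p);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (!header || !claims) return { ok: false, reason: "malformed" };
  if (header.alg !== "RS256") return { ok: false, reason: "unexpected alg" };
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("sha256", signed, publicKey, Buffer.from(s, "base64url")))
    return { ok: false, reason: "bad signature" };
  if (claims.iss !== clientId) return { ok: false, reason: "wrong iss" };
  if (claims.aud !== audience) return { ok: false, reason: "wrong aud" };
  if (!Number.isInteger(claims.iat) || claims.iat > now) return { ok: false, reason: "bad iat" };
  if (!Number.isInteger(claims.exp) || claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, sub: claims.sub };
}

// Constructed sample values: throwaway key pair, placeholder client ID, user and endpoint.
const sampleKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sample = { clientId: "example-client-id", audience: "https://instance.example/oauth_token.do" };
const sampleNow = 1700000000;
const sampleJwt = buildAssertion({ ...sample, subject: "integration.user",
  privateKey: sampleKeys.privateKey, now: sampleNow });
console.log(verifyAssertion(sampleJwt, { ...sample, publicKey: sampleKeys.publicKey, now: sampleNow }));
```

Because the sub claim selects the user the token acts as, a short exp and a tightly held private key limit what a leaked assertion or key can be used for.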