The Now Platform® Washington DC release is live. Watch now!
Hey there, I recently was being asked by a client how to setup OAuth2 authentication for ServiceNow web services integrations. After searching online, I couldn't find anything that's straightforward to explain the configuration/test process. So after I figure this out, I think I should share what I did in here so people can reference this topic in the future.
What I experimented are between ServiceNow instances. When work with third party application, it could be a slight different but the concept remains the same. Both OAuth consumer and OAuth provider can be a third party or ServiceNow.
Here we go.
1. Configure OAuth provider on instance 1 (OAuth Application Registry -> Create an OAuth API endpoint for external clients)
2. Configure OAuth consumer on instance 2 (OAuth Application Registry -> Connect to a third party OAuth Provider)
3. Test tokens generation script to OAuth provider instance 1 (from OAuth consumer instance 2).
var oAuthClient = new sn_auth.GlideOAuthClient();
var params = {grant_type:"password", username:'user_id from provider that will grant OAuth access', password:'user_pwd from provider that will grant OAuth access'};
var json = new global.JSON();
var text = json.encode(params);
var tokenResponse = oAuthClient.requestToken('unique consumer profile name from step 2.1', text);
var token = tokenResponse.getToken();
gs.log("AccessToken:" + token.getAccessToken());
gs.log("AccessTokenExpiresIn:" + token.getExpiresIn());
gs.log(" RefreshToken:" + token.getRefreshToken());
//You should be getting proper Access Token long with Refresh Token info. This token will be used in future web service request.
4. Setup proper outbound message on consumer instance 2 to the endpoint on provider instance 1.
5. Test outbound REST message along with token generation script to Web Service provider/OAuth provider instance 1 (from OAuth consumer instance 2).
var r = new sn_ws.RESTMessageV2('P2 Incidents', 'get');
r.setStringParameter('priority', '2');
r.setStringParameter('active', 'true');
r.setStringParameter('sysparm_fields', 'number,state,priority');
//override authentication profile
//authentication type ='basic'/ 'oauth2'
//This line below is optional if you have configured OAuth as authentication type in your outbound REST
r.setAuthentication('oauth2', 'OAuth_Client1');
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
gs.log(responseBody);
6. Special Case 1: In Fuji or earlier version, user doesn't have same menu as my Geneva screenshot
In this case, you can use REST OAuth API to call in to get issue token embedded, see my highlights.
var r = new sn_ws.RESTMessageV2('P2 Incidents', 'get');
r.setStringParameter('priority', '2');
r.setStringParameter('active', 'true');
r.setStringParameter('sysparm_fields', 'number,state,priority');
/*override authentication profile
authentication type ='basic'/ 'oauth2'
line below is optional if you have configured OAuth as authentication type in your outbound REST*/
r.setAuthentication('oauth2', 'OAuth_Client1');
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
gs.log(responseBody);
7. Special Case 2: OAuth grant type is not 'password' or 'refresh_token'
ServiceNow only support 2 mentioned above grant type at the moment this document is created. In this case, you will have to work with OAuth provider to figure out what grant type can be used per provider, and then setup a separate WS call to request for token issuance. And then you can embed token string in your subsequent WS call's header till this token expires.
//Calling REST to get oauth token and type issued.
function requestToken() {
var r = new sn_ws.RESTMessageV2('Oauth Token Request', 'post');
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
var authString;
if (httpStatus == 200 && responseBody != " ") {
var obj = new JSON.parse(responseBody);
var token = obj.access_token;
var token_type = obj.token_type;
authString = token_type + " " + token;
} else {
gs.print("Cannot acquire token");
}
gs.print("Token Type + Token:\n" + authString);
return authString;
}
//Use tokenString to setup header
var tokenString = requestToken();
var r = new sn_ws.RESTMessageV2('P2 Incidents', 'get');
r.setStringParameter('priority', '2');
r.setStringParameter('active', 'true');
r.setStringParameter('sysparm_fields', 'number,state,priority');
r.setRequestHeader('Authorization', tokenString);
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
gs.log(responseBody);
This document was generated from the following discussion: How to Setup OAuth2 authentication for outbound RESTMessageV2 integrations
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.