The Now Platform® Washington DC release is live. Watch now!
‎02-11-2016 03:57 PM
Hey there, I recently was being asked by a client how to setup OAuth2 authentication for ServiceNow web services integrations. After searching online, I couldn't find anything that's straightforward to explain the configuration/test process. So after I figure this out, I think I should share what I did in here so people can reference this topic in the future.
What I experimented are between ServiceNow instances. When work with third party application, it could be a slight different but the concept remains the same. Both OAuth consumer and OAuth provider can be a third party or ServiceNow.
Here we go.
1. Configure OAuth provider on instance 1 (OAuth Application Registry -> Create an OAuth API endpoint for external clients)
2. Configure OAuth consumer on instance 2 (OAuth Application Registry -> Connect to a third party OAuth Provider)
3. Test tokens generation script to OAuth provider instance 1 (from OAuth consumer instance 2).
var oAuthClient = new sn_auth.GlideOAuthClient();
var params = {grant_type:"password", username:'user_id from provider that will grant OAuth access', password:'user_pwd from provider that will grant OAuth access'};
var json = new global.JSON();
var text = json.encode(params);
var tokenResponse = oAuthClient.requestToken('unique consumer profile name from step 2.1', text);
var token = tokenResponse.getToken();
gs.log("AccessToken:" + token.getAccessToken());
gs.log("AccessTokenExpiresIn:" + token.getExpiresIn());
gs.log(" RefreshToken:" + token.getRefreshToken());
//You should be getting proper Access Token long with Refresh Token info. This token will be used in future web service request.
4. Setup proper outbound message on consumer instance 2 to the endpoint on provider instance 1.
5. Test outbound REST message along with token generation script to Web Service provider/OAuth provider instance 1 (from OAuth consumer instance 2).
var r = new sn_ws.RESTMessageV2('P2 Incidents', 'get');
r.setStringParameter('priority', '2');
r.setStringParameter('active', 'true');
r.setStringParameter('sysparm_fields', 'number,state,priority');
//override authentication profile
//authentication type ='basic'/ 'oauth2'
//This line below is optional if you have configured OAuth as authentication type in your outbound REST
r.setAuthentication('oauth2', 'OAuth_Client1');
var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
gs.log(responseBody);
6. Special Case1 - User is in Fuji or earlier version, don't have same menu as my Geneva screenshot
7. Special Case2 - grant type is not 'password' or 'refresh_token'
Solved! Go to Solution.
‎03-14-2016 02:26 PM
I have created a formal blog post about How to Setup OAuth2 authentication for RESTMessageV2 integrations. Also added two special cases for user in Fuji or earlier releases or using unsupported OAuth grant type. Happy coding!
‎02-11-2016 06:34 PM
Thanks for sharing!
‎02-26-2016 01:57 PM
Jason, the fact that you figured this out without much documentation gives me hope for humanity!
I'd like to suggest that you turn this post into a blog post. The title I would use is:
"How to Setup OAuth2 authentication for outbound RESTMessageV2 integrations".
Note that OAuth2 Authorization Code flow is also supported, so if you're integrating with a 3rd party like Google for example.
Thanks for sharing.
‎02-26-2016 02:39 PM
silas I would certainly like to create a blog if I know how. 🙂
I actually come up with some additional methods after finding out that our OAuth plugin didn't support other grant_type besides "refresh" and "password". I will try to document it and post it later on.
‎03-08-2016 09:28 AM
Hi Jason -
Great post/article. What version of the platform are you using for your screenshots?