Skip to page contentSkip to chat
ServiceNow support
    • Community
      Ask questions, give advice, and connect with fellow ServiceNow professionals.
      Developer
      Build, test, and deploy applications
      Documentation
      Find detailed information about ServiceNow products, apps, features, and releases.
      Impact
      Accelerate ROI and amplify your expertise.
      Learning
      Build skills with instructor-led and online training.
      Partner
      Grow your business with promotions, news, and marketing tools
      ServiceNow
      Learn about ServiceNow products & solutions.
      Store
      Download certified apps and integrations that complement ServiceNow.
      Support
      Manage your instances, access self-help, and get technical support.
oAuth JWT Grant Type Troubleshooting steps - Support and Troubleshooting
  • >
  • Knowledge Base
  • >
  • Support and Troubleshooting (Knowledge Base)
  • >
  • oAuth JWT Grant Type Troubleshooting steps
KB0718002

oAuth JWT Grant Type Troubleshooting steps


4942 Views Last updated : Aug 24, 2022 public Copy Permalink
KB Summary by Now Assist

Issue

This article focuses on the possible troubleshooting steps involved for oAuth 2.0 JWT bearer grant Type.

Procedure

  1. Enable debugger property related to oAuth
    • com.snc.platform.security.oauth.debug = true
    • glide.auth.debug.enabled = true
  2. Ensure all the required parameters for oAuth Provider is configured.
    1. Client ID
    2. Client Secret
    3. Token URL
    4. Profile
    5. Scope
    6. JWT Provider
  3. Validate if the keystore has a valid password in it. Ensure the same password is used within the NOW platform.
  4. Validate if the signing key within the keystore has a valid password in it. Ensure the same password is used within the NOW platform.
  5. Get oAuth Token from Outbound Rest Message.
  6. Logs are printed in the localhost logs if the debugger property is enabled. Check the log for any errors if the token is not generated.
  7. If there are no errors in the log verify if JWT is generated within the NOW Platform.
    Started to generate JWT
    AuthAdding payload claims to jwt with name = box_sub_type and value = enterprise
    AuthAdding payload claims to jwt with name = aud and value = https://api.box.com/oauth2/token
    AuthAdding payload claims to jwt with name = sub and value = 120961449
    AuthAdding payload claims to jwt with name = iss and value = o9xqbay28g97deumamwz2s0tvtsfrusb
    AuthAdding claims to jwt. Header Claims = [], keyId = , issuedAt = Thu Nov 15 15:15:52 PST 2018, expiresAt = Thu Nov 15 15:16:52 PST 2018, issuer = o9xqbay28g97deumamwz2s0tvtsfrusb, notBefore = null, signingAlgorithms=RS256, jwtId=e5a988d8-23da-465f-b34c-bbecff42257c
    Successfully generated JWT
  8. Verify if the request is sent
    OAUTH - OAuthHTTPRequest : Sending http request, url:https://api.box.com/oauth2/token
    OAUTH - OAuthHTTPRequest : Sending http request, body:grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2FwaS5ib3guY29tL29hdXRoMi90b2tlbiIsInN1YiI6IjEyMDk2MTQ0OSIsImJveF9zdWJfdHlwZSI6ImVudGVycHJpc2UiLCJpc3MiOiJvOXhxYmF5MjhnOTdkZXVtYW13ejJzMHR2dHNmcnVzYiIsImV4cCI6MTU0MjMyMzgxMiwiaWF0IjoxNTQyMzIzNzUyLCJqdGkiOiJlNWE5ODhkOC0yM2RhLTQ2NWYtYjM0Yy1iYmVjZmY0MjI1N2MifQ.O1f7vpKPKgGJWfOn_hXIu18d5AVv8wjqaxvEGlVQaNBWTQ3H4AKJ1XcE1VFrpeCXpxb0uZ2wb_O4JctZeX-qP7aH9R9QovT9tMpxEQCpmDNX5XAs3iw_X5yfT_eYszMBcrS2ZpXbEj82lVLgGixV7tRWhq0tLgIoIUAPcnbAsu2L6ec5wsCyqAv4l4XwqicYjk8Pl94WbcfmFF3Cg2eWhELB2EFG5_V48NOsvTHWBTkwp-aLS-YIH17w5uPAKht7BjtW0CBsbrCxjgVoc_VGpLqHNyl0BXMHI9wBDSCffA2sWamGTDxqferagdYXt_8jfkahqslKhmCAbCUonfnBSw&client_secret=DRcW5sBRcuy4jDqryIoPB5BhCw7h1QzL&client_id=o9xqbay28g97deumamwz2s0tvtsfrusb
    SecurityUtils: Obfuscating Key : access_token and all its children!
  9. Use the jwt.io site to decode assertion. Verify if Header and Payload are generated with all the required claims.



  10. If the request is processed by the oAuth Provider verify if a response was returned.
    OAUTH - OAuthHTTPRequest : Received http response: {"access_token":"********","token_type":"bearer","expires_in":4245,"restricted_to":[]}
  11. Verify if the token is returned in the response
  12. If the token is not returned review error messages and take appropriate action. Possible errors could be related to signing key, claims, client id, or client secret.
  13. The token is sent as an Authorization header for outbound REST messages, ensure the token matches the request header. Enable Outbound HTTP Debugging to log HTTP request and response

 

Release

Madrid

Related Links

  • Outbound Web Services Logging
  • Encode/Decode JWT Token: https://www.jsonwebtoken.io/
  • JWT Builder http://jwtbuilder.jamiekurtz.com/
  • Encode/Decode JWT Token: https://jwt.io/

The world works with ServiceNow.

Sign in for more! There's more content available only to authenticated users Sign in for more!
Did this KB article help you?
Did this KB article help you?

How would you rate your Now Support digital experience?

*

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

What can we improve? Please select all that apply.

What are we doing well? Please select all that apply.

Tell us more

*

Do you expect a response from this feedback?

  • Terms and conditions
  • Privacy statement
  • GDPR
  • Cookie policy
  • © 2025 ServiceNow. All rights reserved.