KB0719167

User Authentication Error when reading Instance data using a third party token generated by OIDC provider


12583 Views | Last updated: Oct 11, 2023

Issue

Overview

A User Authentication error occurs when trying to read tables through an inbound REST call with a third-party token generated by an OIDC provider.

Description

A feature introduced in the London release for OAuth authentication lets you configure an OIDC provider to grant tokens to client applications, which the clients then use to read tables on the instance.


This article explains how to overcome the authentication error you might face when reading instance tables using a JWT token generated by a third-party OIDC provider.

Error reported in Postman when trying to read the instance data:


{
  "error": {
    "detail": "Required to provide Auth information",
    "message": "User Not Authenticated"
  },
  "status": "failure"
}

 

Solution


Keep the following points in mind when a user wants to read instance data using a JWT token generated by a third-party OIDC provider. This feature was introduced in the London release.

- Make sure the "aud" (audience) field in the JWT token matches the client ID of the OIDC entity configured on the instance.


 

- Make sure the "issuer" value in the JWT token matches the data from the OIDC metadata URL configured in the OIDC provider configuration on the instance.


- Make sure the user claim is mapped to the user name or email field in the sys_user table, depending on what is passed in the JWT token. Make sure the claim field exists in the JWT token regardless of the grant type used in the profile.


 

Steps to configure OIDC

1. Register the app in the OIDC provider (Okta is used as the OIDC provider in this KB)

2. Configure OAuth Provider Configurations

3. Configure OAuth Entity

 

Sample JWT Token:

eyJraWQiOiJjNTZtZTlXU0xPVnY3UFMwcTg4Qzl1b0lzNjFQYTdmUG4yZFVFOW9RNUg4IiwiYWxnIjoiUlMyNTYifQ.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.OG87SYxWFgHGlhBYby2H79diRm9rlYZTeEkIINRUatwg-p4739htB8xEY-5_t6yU_6k5w10pdgtt5M5QFZRPXVbQZNoGtY-Bxn0BjaimcFgoWfhY_0ldnGTkzN2RYyIHvrf9-yhxg347zvczmLrgMMa_VwG4rxrtE6rUXaIpIeIK5b-Deq8ADz8UTUTKpF_5RWk4X-oh5xK6BLniFHk4ShOZq2v_mjproXwKk5euJKrVrar2lQ4adZCOSTRuTf3ThMO5WDh0sel-82LngXtLzRJJ51IqxAsXns0kJHLLqLtH1hXNRKfwT1ScQoE_OfWm4t0KryI2j4wSMEanFtLXIw

 

Payload:

{
  "sub": "00ugd8585ds25YzTJ0h7",
  "name": "kalyan srinivas",
  "locale": "en-US",
  "email": "kalyan@gmail.com",       --> The instance checks this email field value against the sys_user table to authenticate the user
  "ver": 1,
  "iss": "https://dev-934121.oktapreview.com",
  "aud": "0oagd8o97kiBOwpwB0h7",     --> This should be equal to the client ID field value in the OIDC entity configuration on the instance
  "iat": 1537933326,
  "exp": 1537936926,
  "jti": "ID.y8UuzV5H6nmzK4l925DUkBrhGZ52bsUZFTtULJaB87k",
  "amr": [
    "pwd"
  ],
  "idp": "00ogd8582pAjd6Szg0h7",
  "nonce": "snow",
  "preferred_username": "kalyan@gmail.com",
  "given_name": "kalyan",
  "family_name": "Sri",
  "zoneinfo": "America/Los_Angeles",
  "updated_at": 1537930197,
  "email_verified": true,
  "auth_time": 1537929661
}
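The checklist above can be run against a token before sending it to the instance. This is an added example, not ServiceNow code: the function names are hypothetical, the sample token is constructed from the claim values in the payload above with a dummy signature, and the `exp` check is an extra beyond the article's three points. It only decodes the payload and does not verify the signature.

```python
import base64, json, time

def b64url_json(obj):
    """Encode a dict as an unpadded base64url JSON segment (used to build the sample)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_payload(token):
    """Return the claims dict of a compact JWT. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    seg = parts[1]
    claims = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def preflight(token, client_id, issuer, user_claim, now=None):
    """List mismatches against the article's checklist; empty list means the claims line up."""
    try:
        claims = decode_payload(token)
    except ValueError as exc:  # bad base64 and bad JSON are ValueError subclasses
        return [f"malformed token: {exc}"]
    problems = []
    aud = claims.get("aud")  # aud may be a single string or a list of strings
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} != client id {client_id!r}")
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != configured issuer {issuer!r}")
    if not claims.get(user_claim):
        problems.append(f"user claim {user_claim!r} is missing or empty")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"exp {exp!r} is not in the future")
    return problems

# Constructed sample: claim values copied from the article's payload, dummy signature.
SAMPLE_CLAIMS = {"iss": "https://dev-934121.oktapreview.com", "aud": "0oagd8o97kiBOwpwB0h7",
                 "email": "kalyan@gmail.com", "iat": 1537933326, "exp": 1537936926}
SAMPLE = ".".join([b64url_json({"alg": "RS256"}), b64url_json(SAMPLE_CLAIMS), "c2ln"])

if __name__ == "__main__":
    # "now" is pinned inside the sample token's validity window for the first run.
    print(preflight(SAMPLE, "0oagd8o97kiBOwpwB0h7", SAMPLE_CLAIMS["iss"], "email", now=1537933400))
    print(preflight(SAMPLE, "wrong-client-id", SAMPLE_CLAIMS["iss"], "upn"))
```
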

 

 

 

How to test reading instance data with the JWT token (note that -k disables TLS certificate verification):

curl -X GET --header "Accept:application/json" https://<Instance name>/api/now/table/<table name> -k --header "Authorization: Bearer eyJraWQiOiJjNTZtZTlXU0xPVnY3UFMwcTg4Qzl1b0lzNjFQYTdmUG4yZFVFOW9RNUg4IiwiYWxnIjoiUlMyNTYifQ.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.OG87SYxWFgHGlhBYby2H79diRm9rlYZTeEkIINRUatwg-p4739htB8xEY-5_t6yU_6k5w10pdgtt5M5QFZRPXVbQZNoGtY-Bxn0BjaimcFgoWfhY_0ldnGTkzN2RYyIHvrf9-yhxg347zvczmLrgMMa_VwG4rxrtE6rUXaIpIeIK5b-Deq8ADz8UTUTKpF_5RWk4X-oh5xK6BLniFHk4ShOZq2v_mjproXwKk5euJKrVrar2lQ4adZCOSTRuTf3ThMO5WDh0sel-82LngXtLzRJJ51IqxAsXns0kJHLLqLtH1hXNRKfwT1ScQoE_OfWm4t0KryI2j4wSMEanFtLXIw"

