Summary
This article explains how to
- set up an OIDC provider (Okta) on a ServiceNow instance
- generate an identity token using a third-party client such as Postman
- make inbound REST API calls to ServiceNow using identity tokens issued by a third-party OIDC provider
- Please note that any information regarding a third-party OIDC provider should be obtained from that vendor
Instructions
OIDC stands for OpenID Connect (http://openid.net/connect/).
It is an authentication layer on top of OAuth 2.0.
It allows clients, like ServiceNow, to verify the identity of the end user from a JWT (the ID token) issued by the OIDC provider that contains the end user information.
1) Create a free Okta developer account:
https://developer.okta.com/signup/
2) Create a new application -> type -> Web
with the settings below
3)
a) Login redirect URI:
https://getpostman.com/oauth2/callback
b) Create a user (with an email address) and assign this user to the application
4) On the ServiceNow instance, go to
System OAuth -> Application Registry
What kind of OAuth application?
Select -> 'Configure an OIDC provider to verify ID tokens.'
5)
a) Provide a Name
b) Client ID and Client Secret from the Okta application created in step 2
c) The provider's OpenID discovery document URL:
https://<okta_developer_instance>/.well-known/openid-configuration
<okta_developer_instance> is the developer account name created in step 1,
for example:
https://dev-735661.okta.com/.well-known/openid-configuration
d) User Claim: email
User Field: Email
9) The endpoint will respond with an Access Token and an id_token. Copy the id_token and decode it by going to https://jwt.io/, clicking the Debugger menu, and pasting the id_token into the Encoded field. The Decoded PAYLOAD: DATA section should show the expected claims.
10) Make a call to a ServiceNow REST endpoint with the header 'Authorization' set to 'Bearer <id_token>'.
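As an added illustration (not code from the article or from ServiceNow), the checks a relying party such as the OIDC provider registration above performs on an inbound ID token before mapping the User Claim (email) onto the User Field, using only Python's standard library. The discovery document, client ID, key and user record are constructed stand-ins, and an HS256 shared secret stands in for the RS256 key that would be fetched from the provider's JWKS (that needs a crypto library).

```python
import base64, hashlib, hmac, json, time

# Constructed stand-ins for the Okta discovery document and the ServiceNow
# OIDC provider registration from the steps above (not real values).
DISCOVERY = {"issuer": "https://dev-000000.okta.com"}
PROVIDER = {"client_id": "0oaEXAMPLECLIENT", "user_claim": "email", "user_field": "email"}
# Assumption: an HS256 shared secret stands in for the RS256 key fetched from jwks_uri.
KEYS = {"kid-1": b"constructed-shared-secret-not-for-real-use"}
USERS = [{"sys_id": "u001", "user_name": "jane.doe", "email": "jane.doe@example.com"}]

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_id_token(claims, kid):
    # In practice Okta mints the ID token; this constructs one for the demo.
    header = b64url_encode(json.dumps({"alg": "HS256", "kid": kid}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_id_token(token, now=None):
    # Checks a relying party makes before trusting any claim in the ID token.
    now = time.time() if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError if malformed
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # reject 'none' or any unexpected algorithm
        raise ValueError("unexpected alg")
    key = KEYS.get(header.get("kid"))  # key selection by kid, as against the JWKS
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != DISCOVERY["issuer"]:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")  # may be a string or a list of audiences
    if PROVIDER["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def resolve_user(claims):
    # Map the configured User Claim (email) onto the configured User Field (Email).
    value = claims.get(PROVIDER["user_claim"])
    return next((u for u in USERS if u[PROVIDER["user_field"]] == value), None)
```

A token that passes every check but whose email matches no user resolves to None, which is the case to watch for in the instance logs when the claim and field are mismatched.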