Notifications

60 views

Description

  • Considering the scenario where:
    1. An external application is the 3rd Party OAuth Provider
    2. The instance has defined a third party OAuth Provider record
    3. The OAuth Provider record has the Default Grant type set to Authorization Code
    4. A REST Message is defined with Authentication type to OAuth 2.0 and the OAuth profile defined at b.
  • Clicking the Get OAuth Token UI Action in the REST Message at point d. will request an authorization token from the 3rd Party OAuth Provider. This will open a Request for Permission window to the user UI (Browser).
  • This Request for Permission step cannot be automated programmatically.

Release or Environment

  • Any release

Cause

  • This is expected behavior. The User Permission must be provided with an interactive User Intervention, this is on purpose.
  • However, once the access and refresh tokens are retrieved in the above step, the refresh token will be used automatically by ServiceNow until its expiration to get new access tokens as and when required.

Resolution

  • If the requirement is to have a non-interactive integration with OAuth provided authorization the possible approaches (if supported by the 3rd Party Application Endpoint) are:
    • Client Credentials Grant Type
    • JWT grant type

Additional Information

Article Information

Last Updated:2020-04-24 12:57:03
Published:2020-04-24