ServiceNow `OAuth 2.0` authorization endpoint and token endpoint - oauth-2.0

I want to integrate my application with ServiceNow using its REST API. For this, my app needs to get authorized using OAuth 2. I have searched for Authorization and Token endpoints in the wiki of ServiceNow, but could not find any.
Can anyone please post those URLs here?

Starting with the Fuji release, ServiceNow supports authenticating to REST endpoints using OAuth. First off, be sure to enable the OAuth plugin if it's not already enabled on the ServiceNow instance you are trying to integrate with. For information on how to do this and how to set up an OAuth endpoint, check out these product docs.
Setting up OAuth
ServiceNow OAuth with REST
Generating OAuth tokens
Once you've created an OAuth endpoint in the application registry on your ServiceNow instance you'll need to generate tokens to use for authentication. You can find curl samples for generating tokens in the product docs. Review the response to the request you made to generate tokens and grab the 'access token'. The response from generating tokens should contain a JSON body similar to the following:
{"scope":"useraccount","token_type":"Bearer","expires_in":1800,"refresh_token":"w599voG89897rGVDmdp12WA681r9E5948c1CJTPi8g4HGc4NWaz62k6k1K0FMxHW40H8yOO3Hoe","access_token":"F0jh9korTyzd9kaZqZ0SzjKZuS3ut0i4P46Lc52m2JYHiLIcqzFAumpyxshU9mMQ13gJHtxD2fy"}
From the response you will want to record the 'access_token' and include it as a bearer token in subsequent requests to the ServiceNow REST API endpoints.
Sample request to REST Table API using the access token:
curl -H "Accept:application/json" -H "Authorization:Bearer 2wRlsRCT2SYjCCJP91kwo2EFzj5qg4O3I3aC09e0-0hz6Ib3YK7If-LMiNorNuglfqbkL4AfkYC92KYHUCcbpQ" "https://<instance>.service-now.com/api/now/table/incident"
Hope that helps!

It seems ServiceNow supports only the password and refresh_token grant types. Please see here. Authorization and Token URLs are for the Authorization code grant type.
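A client-side sketch of handling the token response shown above and the refresh_token grant mentioned in the last answer. This is an added example, not code from the original posts or from ServiceNow; the `TokenStore` class, the 60-second skew, the sample token values and sending the client credentials in the form body are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlencode, urlsplit

# Constructed sample shaped like the token response above (values are fake).
SAMPLE_RESPONSE = (
    '{"scope":"useraccount","token_type":"Bearer","expires_in":1800,'
    '"refresh_token":"constructed-refresh","access_token":"constructed-access"}'
)


class TokenStore:
    """Hypothetical helper: holds one token pair and tracks access-token expiry."""

    def __init__(self, response_body, now=None, skew=60):
        data = json.loads(response_body)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        issued = time.time() if now is None else now
        self.access_token = data["access_token"]
        self.refresh_token = data.get("refresh_token")
        # Treat the token as expired `skew` seconds early to allow for clock drift.
        self.expires_at = issued + int(data["expires_in"]) - skew

    def expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def auth_headers(self, url, now=None):
        """Headers for a REST call; refuses to expose the token over plain HTTP."""
        if urlsplit(url).scheme != "https":
            raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
        if self.expired(now):
            raise RuntimeError("access token expired; refresh it first")
        return {"Accept": "application/json",
                "Authorization": "Bearer " + self.access_token}

    def refresh_form(self, client_id, client_secret):
        """Form body for the refresh_token grant (RFC 6749, section 6)."""
        return urlencode({"grant_type": "refresh_token",
                          "client_id": client_id,
                          "client_secret": client_secret,
                          "refresh_token": self.refresh_token})
```

The refresh form is sent as `application/x-www-form-urlencoded` to the instance's token endpoint, and the new response replaces the stored pair.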

Related

azure logic app http webhook with OAuth authentication

We would like to create a logic app that subscribes to a webhook in Microsoft Graph. To enable this subscription you need to include a bearer token. Something the logic app included HTTP webhook does not seem to provide. Is there someone who has got this working somehow? We would like to subscribe to the 'calldetailrecords'.
One of the workarounds is that you can use the Subscribe-Header parameter from Add new parameter in order to send the Bearer Token to your Webhook.
Here is the screenshot for your reference
So, I'm passing the Token from my HTTP request connector and adding the same to my Subscribe-Header parameter with Key as "Authentication".
To get the Bearer Token you can follow the steps from Get access on behalf of a user - Microsoft Graph
REFERENCES:
How to pass a Bearer Token using Azure Logic Apps

generate an access token for an external API to use firebase functions

I am having trouble understanding how to accomplish this. I have Firebase functions running on my application. I am using an external API in which I can configure Webhooks to hit an endpoint on my Firebase functions to perform an action. To make sure that the call comes from this external API, they recommend using an oauth2 flow. Mainly they ask me for:
Provide us (the external API) with an ID and an access token;
these are used to access a URL which provides a bearer token;
this bearer token is then used to access the provided webhook URL until the bearer token expires after a pre-determined period of time.
And there are 4 input fields:
1. OAuth2 access token url
2. OAuth2 client id
3. OAuth client secret
4. OAuth2 Scope. <---- NOT SURE WHAT THIS ONE MEANS
My question is how do I generate the access token and the client id for this external API?
What value should I put for the oAuth2 scope?
Thanks!
I was able to figure this out using auth0. In one of their documentations, they clearly explained what I was trying to accomplish. Posting here for future reference in case anyone needs it.
Thanks all!
reference: https://auth0.com/docs/authorization/flows/client-credentials-flow#learn-more
You can generate the client ID and client secret in the Console > Credentials.
Cloud Functions API oAuth2 scope is https://www.googleapis.com/auth/cloud-platform.

Is Webhook URL necessary for OAuth Access Token?

Is Webhook URL necessary for OAuth Access Token?
Prometheus Alertmanager has a place to write a Webhook URL, but is it necessary to write an OAuth Access Token?
What is OAuth Access Token used for?
No. Webhook URLs and OAuth Access Tokens are very different concepts.
Webhook URLs allow you to post a message to a Slack workspace and you only need to know the URL to do that.
OAuth Access Tokens give you access to use the Slack Web API, which has a lot more functionality than just posting messages.
Check out this page on how OAuth works with Slack.

MobileFirst Adapter obtain OAuth Token

I have a Java Adapter on my MobileFirst Server. I want to obtain an access token from the server in order to call the Adapter-API functions.
I have successfully done this with Postman using "Basic Auth" by giving Username and password (which I had defined in the MFP console before that) as parameters.
Now I want to get a token by using OAuth 2.0 as Type. How can I do this? I do not see any settings for that in the MFP console.
You can access the /token endpoint only with the Basic Authentication option. The /token endpoint does not support accessing with an OAuth token instead of Basic Auth.
The approach you are taking is to access Adapter endpoints from non-MFP SDK methods (REST clients, curl, etc.).
When using non-MFP SDK clients, you need to execute the steps manually:
1. Create a confidential client for the scopes you require.
2. Invoke the /token endpoint to obtain the token - here you will need to pass on Basic Auth to invoke the endpoint and also the scopes you need.
3. Once you have the OAuth token, you will need to manually add the Authorization header to further requests and add the Bearer Token as the value.
If you are new to MobileFirst and want to refer to sample programs for accessing a protected resource via OAuth, you can refer to the samples.
For a protected resource access via OAUTH, Please refer to samples https://www.ibm.com/support/knowledgecenter/en/SSHS8R_8.0.0/com.ibm.worklight.dev.doc/dev/c_oauth_custom_resource_request_samples.html
More securitycheck adapters samples for various user scenarios can be found here https://mobilefirstplatform.ibmcloud.com/tutorials/ru/foundation/8.0/authentication-and-security/

To what extent do the Google OAuth 2.0 APIs support RFC7636?

I am looking for concrete information regarding the state of RFC7636 (proof key for OAuth token exchanges) in Google's OAuth2 APIs.
Google exposes an OAuth 2.0 and OIDC provider API where access tokens can be obtained. There is a proposed standard described in RFC7636 for using proof keys in token exchanges which we have started using in our integrations with major identity providers. Some accept the proof key, others ignore it; Google seems to be aware of it but fails to validate the proof key. I have not been able to find any mention of this wrt Google.
In concrete terms, when following the authorization code flow of OAuth 2.0 with Google as the provider we generate a random number, hash it using SHA256, base64 URL encode it, and then pass it to https://accounts.google.com/o/oauth2/v2/auth as parameter "code_challenge" and "code_challenge_method" as per the spec.
The endpoint accepts the parameters and issues an authorization token as usual. When obtaining the access token we call https://www.googleapis.com/oauth2/v4/token with the code_verifier; the endpoint returns the following HTTP 400 error which suggests that there is some awareness of code verifiers:
{
"error": "invalid_grant",
"error_description": "Missing code verifier."
}
Google's OAuth documentation at developers.google.com/identity/protocols/OAuth2 does not mention any of these parameters; the API playground does not extend to playing with the OAuth2 auth and token endpoints. Any insight would be greatly appreciated.
I was having this same problem using AppAuth and an Android clientId. In order to fix it I had to set a matching 'code_verifier' field on both the authorization and token requests. You can find a more in-depth description in this post: invalid_grant trying to get oAuth token from google
