OAuth JWT Bearer Grant Type Integration Setup

Issue

The JWT (JSON Web Token) grant type enables server-to-server API interactions between ServiceNow and external API providers without requiring any user intervention.

Procedure

1. Upload the JKS that holds the JWT signing key to sys certificate. The Java keystore with a signing key (private-public key pair) is generated by the customer. Use the command below in a terminal to generate a Java keystore with a self-signed certificate.

```
keytool -genkey -alias snclient -keyalg RSA -validity 365 -keystore jwtdemo.keystore -storepass jwtdemo -keypass jwtdemo
```

2. Create a JWT signing key and assign the corresponding signing JKS.

3. Create a JWT provider with the required claims and assign the JWT signing key. It is recommended to check with the vendor to learn which claims are mandatory for the API.

4. Create a third-party OAuth provider in Application Registry. Configure the JWT provider and signing keys in ServiceNow.

5. Open the OAuth entity profile record and assign a JWT provider.

6. Test the OAuth provider via Scripts - Background.

```
// Build a token request that uses the JWT bearer grant type.
var tokenRequest = new sn_auth.GlideOAuthClientRequest();
tokenRequest.setGrantType("urn:ietf:params:oauth:grant-type:jwt-bearer");
tokenRequest.setRequestor("someone@someemail.com");

// "box_demo" is the name of the OAuth provider created in Application Registry.
var oAuthClient = new sn_auth.GlideOAuthClient();
var tokenResponse = oAuthClient.requestTokenByRequest("box_demo", tokenRequest);
gs.info("Error:" + tokenResponse.getErrorMessage());

var token = tokenResponse.getToken();
dumpToken(token);

// Log the token details if a token was returned.
function dumpToken(token) {
    if (token) {
        gs.info("AccessToken:" + token.getAccessToken());
        gs.info("AccessTokenExpiresIn:" + token.getExpiresIn());
        gs.info("RefreshToken:" + token.getRefreshToken());
    }
}
```

Output:

```
Getting JWTProvider for jwtProviderSysId = e4967691dbf92300980c90b6db96190d
Auth com.snc.platform.security.oauth.jwt.JWTProvider@1219a82
Auth Cache miss, got jwtProvider from GlideRecord and put in cache
Getting JWTProviderConfig for jwtProviderId = e4967691dbf92300980c90b6db96190d
Auth Cache hit.
Getting JWTProviderConfiguration from cache
Started to generate JWT
AuthAdding payload claims to jwt with name = box_sub_type and value = enterprise
AuthAdding payload claims to jwt with name = aud and value = https://api.box.com/oauth2/token
AuthAdding payload claims to jwt with name = sub and value = 120961449
AuthAdding payload claims to jwt with name = iss and value = o9xqbay28g97deumamwz2s0tvtsfrusb
AuthAdding claims to jwt. Header Claims = [], keyId = , issuedAt = Thu Nov 15 14:36:21 PST 2018, expiresAt = Thu Nov 15 14:37:21 PST 2018, issuer = o9xqbay28g97deumamwz2s0tvtsfrusb, notBefore = null, signingAlgorithms=RS256, jwtId=4370d0df-a37e-4c31-a667-308acb6ac9ce
Successfully generated JWT
OAUTH - OAuthHTTPRequest : Sending http request, url:https://api.box.com/oauth2/token
OAUTH - OAuthHTTPRequest : Sending http request, body:grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2FwaS5ib3guY29tL29hdXRoMi90b2tlbiIsInN1YiI6IjEyMDk2MTQ0OSIsImJveF9zdWJfdHlwZSI6ImVudGVycHJpc2UiLCJpc3MiOiJvOXhxYmF5MjhnOTdkZXVtYW13ejJzMHR2dHNmcnVzYiIsImV4cCI6MTU0MjMyMTQ0MSwiaWF0IjoxNTQyMzIxMzgxLCJqdGkiOiI0MzcwZDBkZi1hMzdlLTRjMzEtYTY2Ny0zMDhhY2I2YWM5Y2UifQ.G_D4Xbmiml7D2n2pmApXq04npyqhwJ2i78SJeg45k5f1fBBhw4oIjeHH5-En2lawByEuRWjopViM25zXs57E-4DnDzTkJvJnWiHG0oKQdZlcf9EcfWUS2z7tfIvSmI1m_JiepQoQQXWR9eVrwnR0y_-n_K6Qt3C1CUIpY3X7t23gyDEn1D2XVs-WDo_1GZ29YQnVxzQOmcPQafN5oQ8st7dJkv21o71elWU0-pn_34rbx_uJvc80uC-t8PZtNbvuFNYpXNFbu0AC5_QcJ5ZlQFwwO7RofiOSRi25Uq0SoJ_JsfBtlas3iBMFbmDd0i81g4C9ljEOrnF1dhn3ttdQ4A&client_secret=DRcW5sBRcuy4jDqryIoPB5BhCw7h1QzL&client_id=o9xqbay28g97deumamwz2s0tvtsfrusb
SecurityUtils: Obfuscating Key : access_token and all its children!
OAUTH - OAuthHTTPRequest : Received http response: {"access_token":"********","token_type":"bearer","expires_in":3899,"restricted_to":[]}
*** Script: Error:null
*** Script: AccessToken:1xyzIxLg8JhFroarvBVCa4XgghdbZ5Eo
*** Script: AccessTokenExpiresIn:3899
*** Script: RefreshToken:null
```

Release

Madrid

Related Links

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants: https://tools.ietf.org/html/rfc7523

OAuth 2.0 JWT Bearer Grant Flow - Use the articles below to understand the JWT Bearer Grant Flow:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
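The debug output in this article shows an RS256 assertion carrying iss, sub, aud, exp, iat and jti with a 60-second lifetime. The Node.js sketch below is an added example, not ServiceNow or vendor code: it signs such an assertion and then applies the checks RFC 7523 section 3 asks of the authorization server. The function names, the throwaway key pair, the placeholder iss/sub values and the 300-second lifetime ceiling are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// base64url without padding, as used for JWT segments
const b64url = (x) => Buffer.from(x).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Client side: build and RS256-sign the assertion from a set of claims.
function signAssertion(claims, privateKey) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'RS256' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Server side: returns 'ok' or the reason the assertion is rejected.
// maxLifetime (seconds) is an assumed local policy, not a value from the RFC.
function validateAssertion(jwt, publicKey, expectedAud, now, maxLifetime = 300) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return 'malformed';
  const [head, body, sig] = parts;
  let header, claims;
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet.
    header = JSON.parse(Buffer.from(head, 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64').toString('utf8'));
  } catch (e) { return 'malformed'; }
  if (!header || !claims || typeof claims !== 'object') return 'malformed';
  // Pin the algorithm: never let the token header choose how it is verified.
  if (header.alg !== 'RS256') return 'unexpected alg';
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(sig, 'base64'))) return 'bad signature';
  for (const k of ['iss', 'sub', 'aud', 'exp']) if (claims[k] === undefined) return `missing ${k}`;
  if (![].concat(claims.aud).includes(expectedAud)) return 'wrong audience';
  if (claims.exp <= now) return 'expired';
  if (claims.iat !== undefined && claims.exp - claims.iat > maxLifetime) return 'lifetime too long';
  return 'ok';
}

// Constructed demo input: throwaway key pair, placeholder iss/sub, plus the
// aud value and 60-second lifetime seen in the debug output.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const AUD = 'https://api.box.com/oauth2/token';
const NOW = 1542321381;
const demoToken = signAssertion({ aud: AUD, sub: 'example-subject', iss: 'example-client-id',
  iat: NOW, exp: NOW + 60, jti: crypto.randomBytes(16).toString('hex') }, privateKey);
console.log(validateAssertion(demoToken, publicKey, AUD, NOW + 10));
```

Because the assertion is valid for only 60 seconds, clock skew between the instance and the provider is a common cause of rejected requests.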