How to generate bearer token for oAuth 2.0 - Authorization Grant type - Support and Troubleshooting

How to generate bearer token for oAuth 2.0 - Authorization Grant type Issue The Now Platform supports OAuth 2.0 - Authorization Grant type for public clients to generate an access token . This requires 3 steps.

Register the app Generate Authorization Code Generate Bearer Token using Authorization Code. Use Case Use Access Token to access Table API or Scripted Web Service .

Register the app Navigate to System oAuth > Application Registry > Create an OAuth API endpoint for external clients

Name Definition Name Name of the registered app Client ID client id of the registered app Client Secret client secret of the registered app Redirect URI Authorization code is returned to this URI. This is usually the endpoint of the registered app. The screenshot has login.do for demo purposes Authorization Code Life Span The lifespan of the authorization code. Extend the lifespan if required. It expires in 60 seconds by default. Access Token Life Span The lifespan of the access token Refresh Token Life Span The lifespan of the refresh token Generate Authorization Code Authorization code requires a user login . Use these steps to generate an authorization code.

Access the authorization endpoint . This requires response type , redirect uri , and client id: Sample:

https:// .service-now.com/oauth_auth.do?grant_type=authorization_code&redirect_uri=https:// .service-now.com/login.do&client_id= &response_type=code&state=123 Check this link for more info.

The user is redirected to oauth login page: /oauth_login.do

Enter valid credentials. [Ensure the user has permissions to read/write on the oauth_credential table or use "admin" account to override ACL issues] User needs to either Allow/Deny the request.

Authorization code is returned to redirect uri after clicking Allow . https:// .service-now.com/login.do?code=iz8efjPNK-4Q_ZOS3DcEqcJa9oXo1uLhpItv30PhaeknEfGWMF2haVCpYwGLg7cXzVpYqkMnkHF242VuFe8ZCQ&state=123 Authorization code is valid for 60 seconds by default. You can increase this value from the list view or form --> Copy the code as this will be used in the next steps

Generate Bearer Token oauth_token.do supports post ( form url encoded ) to generate an access token. This requires code , redirect uri , client id , client secret , and grant type to generate an access token.

You can either use Postman or cURL to post the request.

Postman

POST

https:// .service-now.com/oauth_token.do Body [x-www-form-urlencoded]

Update "redirect_uri", "grant_type", "code", "client_secret" & "client_id" here

Curl:

curl -d "grant_type=authorization_code&code= &client_id= &client_secret= &redirect_uri=https:// .service-now.com/login.do" https:// .service-now.com/oauth_token.do Sample Output:

{ "access_token": "SFgoFLvSiNVIwtU9O1U0hNsk2PaogKYkyg2KtnoilUmmeliibScwAG8A1vQlXODllLvHhcD1", "refresh_token": "GyLc-OX2Jd-NHpMpQUJbIcOhgqkQu-WoWhqNX68xouWV47Mn2TKqGU12EDsUoShND", "scope": "", "token_type": "Bearer", "expires_in": 1799 }

Release Geneva and newer

Related Links RFC: https://tools.ietf.org/html/rfc6749#section-1.3.1 OAuth authorization code grant flow