Automatically get a new OAuth Refresh Token When The Old One Expires (Unsupported Custom Scheduled Job) - Support and Troubleshooting

Automatically get a new OAuth Refresh Token When The Old One Expires (Unsupported Custom Scheduled Job) Description You can have a Scheduled Script Execution with the below script automatically retrieve new refresh tokens that are about to expire (as long as the refresh token has not yet expired) . This example is for Outbound Rest messages configured with Oauth .

Please note this is just a sample script for reference, and counts as an unsupported customisation. Any further customization should be made referring to ServiceNow documentation for OAuth client libraries.

Important note: Please note that the ServiceNow platform can fetch a new access token if the previous access token has expired and only if a valid refresh token is present in the oauth_credential table. Customers are not required to write a scheduled job to fetch the new access token. The intended purpose of this knowledge base article is to automate the refresh token retrieval process, not the access token retrieval process.

Instructions function refreshAccessToken (requestorId, oauthProfileId, token) {

if ( !(token && requestorId && oauthProfileId))

return;

var tokenRequest = new sn_auth.GlideOAuthClientRequest();

tokenRequest.setGrantType("refresh_token");

tokenRequest.setRefreshToken(token.getRefreshToken());

tokenRequest.setParameter('oauth_requestor_context','sys_rest_message');

tokenRequest.setParameter('oauth_requestor', requestorId);

tokenRequest.setParameter('oauth_provider_profile',oauthProfileId);

var oAuthClient = new sn_auth.GlideOAuthClient();

var tokenResponse = oAuthClient.requestTokenByRequest(null,tokenRequest);

var error = tokenResponse.getErrorMessage();

if (error)

gs.warn("Error:" + tokenResponse.getErrorMessage());

}

function isExpired (expiresIn, withinSeconds) {

if (expiresIn > withinSeconds)

return false;

return true;

}

function getToken (requestorId, oauthProfileId) {

if (!requestorId || !oauthProfileId)

return null;

var client = new sn_auth.GlideOAuthClient();

return client.getToken(requestorId, oauthProfileId);

}

function checkAndRefreshAccessToken (grRestMessage) {

if (grRestMessage.getValue("authentication_type") != "oauth2" )

return false;

var accountMsg = grRestMessage.getValue("name");

if (!accountMsg)

accountMsg = grRestMessage.getUniqueValue();

accountMsg = "Account=\"" + accountMsg + "\"";

var token = getToken(grRestMessage.getUniqueValue(), grRestMessage.getValue('oauth2_profile'));

var accessToken = token.getAccessToken();

if (accessToken) {

if (!isExpired(token.getExpiresIn(), 300))

return;

}

if (!token.getRefreshToken()) {

gs.error("No OAuth refresh token for Rest Message. Manual reauthorization required. " + accountMsg);

return;

}

if (isExpired(token.getRefreshTokenExpiresIn(), 0)) {

gs.error("OAuth refresh token for Rest Message is expired. Manual reauthorization required. " + accountMsg);

return;

}

gs.info("Refreshing oauth access token for Rest Message account. " + accountMsg);

refreshAccessToken(grRestMessage.getUniqueValue(), grRestMessage.getValue('oauth2_profile'), token);

}

var grAccount = new GlideRecord("sys_rest_message");

grAccount.addQuery("authentication_type", "oauth2");

grAccount.addNotNullQuery("oauth2_profile");

grAccount.query();

while (grAccount.next()) {

checkAndRefreshAccessToken(grAccount);

}