OAuth token fetching via MID is supported - Support and Troubleshooting

OAuth token fetching via MID is supported Summary Until the Washington release, ServiceNow did not support fetching OAuth tokens via the MID Server. However, it did support accessing the resource server via the MID Server using OAuth. Starting with the Washington release, ServiceNow introduced support for fetching OAuth tokens via the MID Server, but this was limited to the Client Credentials grant type. From the Yokohama release onwards, ServiceNow has expanded this capability to include additional grant types, such as Authorization Code, Resource Owner Password Credentials, SAML2 Bearer, and JWT-Bearer grant types. Please note that this functionality is available exclusively for the Flow Designer REST Step (IntegrationHub) and not for REST Message. Release Washington and above.

Instructions Here are the steps to configure OAuth token fetching via the MID Server.

1. Navigate to "System OAuth -> Application Registry." 2. Click on "New." 3. Click on "Connect to a third-party OAuth Provider." 4. Fill out the form with the information received from the OAuth Provider. 5. Select the "Default Grant type." 6. Save the record with all the required information. 7. Navigate to "Connections & Credentials -> Credentials." 8. Click on "New." 9. Select "OAuth 2.0 Credentials." 10. Configure the Name. 11. Click on the magnifying glass in "OAuth Entity Profile" to look up using the list. 12. Choose the OAuth Entity Profile created in the previous steps. 13. You will see a new option on the form, "Connect to Auth Server via MID Server." Check this checkbox. 14. Change the "Applies to" field to "Specific MID Servers." 15. Choose a MID server that is currently up and running. Note: The selected MID Server must have REST capabilities. 16. Click on Submit. The setup is ready, follow the below steps to test it: 1. After clicking "Submit," you will see a message at the top: "OAuth Access or Refresh tokens are not available. Verify the OAuth configuration and click the 'Get OAuth Token' link below to request a new token." 2. Click on the "Get OAuth Token" related link. 3. Redirection occurs based on the selected grant type. If you are using the Authorization Code grant type, you will be redirected to the authorization endpoint of the token provider to enter your credentials. On the other hand, if you are using the Password grant type (i.e., ROPC grant type), a login screen will be displayed, prompting you to enter your credentials. 4. Once the credentials are entered and consent is provided, the system creates an output record in the ecc_queue table with the topic as "RESTProbe" and the source as "token endpoint." 6. The MID Server picks up the output record, communicates with the token provider, and responds back with an input record. 7. You can see a token in the oauth_credential table. Additionally, you will see the message "Message: OAuth Access token is available but will expire soon at..." on the credential record. Related Links Refer below documentation for more information:

https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/product/credentials/reference/oauth-2-credentials.html