6

I want to create an application in serviceNow(like Facebook) which through OAuth will be able to call the REST APIs for different instances.

Suppose, I create an app in instance A of servicenow, now through proper OAuth and permission mechanism, I want to access REST APIs of other instances.

Till now, I am able to create an app and have it registered in application registry, and I am also able to verify Oauth (generate tokens) for that instance; but now I want to do it for other instances without creating a new application each time. When I try to do it, I am getting this error:

unauthorized_client: The client credentials provided (those of the
service you are using) are either not valid or not trusted

Junaid Buriro
  • 91
  • 5
  • Can you provide more information on how you are attempting to do this when you are receiving the error that you posted? – Edd Jan 24 '20 at 16:36
  • I don't think you can do that.. I have same issue and switched to use basic auth instead of oauth – Habibillah Jan 26 '20 at 00:04

1 Answers1

2

In your application on Instance A, you need to save OAUTH credentials for each of the instances you're connecting to.
https://docs.servicenow.com/bundle/paris-servicenow-platform/page/product/meeting-extensibility/task/create-app-registry-meeting-extensibility.html

In your app depending on which instance you are connecting to you need to use the correct credential for that instance.

It is not possible to reuse the same OAUTH tokens for multiple instances, as it is possible to reuse the same username:password combo with basic auth.

However you can create a oauth_entity_profile for each connection. Then when doing you're request loop over the list of instances, before sending the request inject the correct authentication.
https://developer.servicenow.com/dev.do#!/reference/api/rome/server/sn_ws-namespace/c_RESTMessageV2API#r_RMV2-setAuthenticationProfile_S_S

While also calling the correct url for the given instance using:
https://developer.servicenow.com/dev.do#!/reference/api/rome/server/sn_ws-namespace/c_RESTMessageV2API#r_RESTMessageV2_setEndpoint_String_endpoint

var instances = [{name: 'instance_x', oauth_id: '2394829384..'}, {name: 'instance_y', oauth_id: '2394829384..'};
for (var i = 0; i < instances.length; i++){
    var inst = instances[i];
    var sm = new sn_ws.RESTMessageV2("<REST_message_record>", "get");  

       //set auth profile to an OAuth 2.0 profile record.
    sm.setAuthenticationProfile('oauth2', inst.oauth_id); 
    sm.setEndpoint("http://web.service.endpoint");


       //In milliseconds. Wait at most 10 seconds for response from http request.
    sm.setHttpTimeout(10000); 
       //Might throw exception if http connection timed out or some issue 
       //with sending request itself because of encryption/decryption of password.
    var response = sm.execute();
    // handle your reponse  
}

Where instances.oauth_id are the id's of records in the oauth_entity_profile table. Which need to be active and have their tokens for it all to work.

Dries Meerman
  • 96
  • 1
  • 6