Use a third-party OAuth provider

Each client application must register with the instance to participate in OAuth authorization. You can use a third-party OAuth provider to authorize access.

Before you begin

Role required: admin

About this task

Note: ServiceNow only supports third-party OAuth providers to authorize requests from ServiceNow to third-party APIs.
For example, you might want to integrate with a third-party Calendar service which requires OAuth 2.0 access tokens to read a user's scheduled events and create events. Configure the Calendar service as a third-party OAuth provider. This configuration allows you to get an access token from the Calendar service and then use the token to make requests against the service from ServiceNow.

Procedure

  1. Navigate to System OAuth > Application Registry and then click New.
  2. On the interceptor page, click Connect to a third party OAuth Provider and then fill in the form.
    Field: Description
    Name: A unique name that identifies the application to access.
    Client ID: The unique ID of the application. The instance uses the client ID when requesting an access token. You must get the client ID from the authorization server.
    Client Secret: [Required] The shared secret string that the instance and the application use to authorize communications with one another. If you do not enter the correct client secret, tokens are not issued.
    OAuth API Script: An optional script that customizes the request and response. The script name must have the prefix OAuth.
    Logo URL: The URL that contains an image to use as the application logo.
    Default Grant Type: The type of grant.
    • Authorization code: The code that is granted to the client to obtain an access token, which is then used to obtain access to the resource. If you select this option, then you need an authorization URL (the URL of the authorization server).
    • Resource owner password credentials: The username and password of the user that is trying to obtain access to the resource.
    • Client Credentials: The client ID and client secret, which are both used to get the access token. This method does not provide refresh tokens.
    Refresh Token Lifespan: The refresh token lifespan in seconds.
    Accessible from: The application scope that this registry is accessible from.
    Active: A check box that indicates that the application registry is active.
    Authorization URL: The URL of the endpoint to authorize the user if you are using the authorization code grant type. If you are accessing another ServiceNow instance, append /oauth_auth.do to the URL.
    Token URL: The location of the token endpoint that the instance uses to retrieve and refresh tokens. If you are accessing another ServiceNow instance, append /oauth_token.do to the URL.
    Redirect URL: The application endpoint that receives the authorization code. Leave this field empty to have the instance auto-generate the URL. If you are accessing another ServiceNow instance, append /oauth_redirect.do to the URL.
    Token Revocation URL: The location of the endpoint that the instance uses to revoke the token. If you are accessing another instance, append /oauth_revoke.do to the URL.
    Comments: Additional information to associate with the application.
    Embedded lists
    OAuth Entity Profiles: The profiles that are associated with the OAuth provider. The profile includes the grant type. Click the profile name to go to the OAuth Entity Profile form.
    OAuth Entity Scopes: The entity scopes associated with the OAuth provider. The scope identifies the services the application has access to. Click the scope name to go to the OAuth Entity Scope form.
  3. Click Submit. The record is saved in the Application Registries [oauth_entity] table.

Result

The system creates a record in the Application Registries [oauth_entity] table of type OAuth Provider. The instance also auto-generates a default profile using the specified grant type, but without any scopes. You can create additional profiles, each with scopes.
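
The field rules in the form description can be checked before you click Submit. The following is an added example, not ServiceNow code: the object keys, the grant type value, and the sample host are hypothetical, and the https check is an addition based on the OAuth 2.0 requirement to use TLS rather than something this page states.

```javascript
// Added example: lint third-party OAuth provider values before submitting the form.
// Keys are hypothetical labels for the form fields, not oauth_entity column names.
const SN_PATHS = { // paths the field descriptions give for another ServiceNow instance
  authorizationUrl: '/oauth_auth.do',
  tokenUrl: '/oauth_token.do',
  redirectUrl: '/oauth_redirect.do',
  tokenRevocationUrl: '/oauth_revoke.do',
};

function checkProvider(cfg, peerIsServiceNow = false) {
  const problems = [];
  // Client ID and secret are needed for token requests; the token URL is where they go.
  for (const f of ['clientId', 'clientSecret', 'tokenUrl']) {
    if (!cfg[f]) problems.push(`${f}: missing`);
  }
  // The authorization code grant needs the authorization server's URL.
  if (cfg.defaultGrantType === 'authorization_code' && !cfg.authorizationUrl) {
    problems.push('authorizationUrl: required for the authorization code grant');
  }
  if (cfg.oauthApiScript && !cfg.oauthApiScript.startsWith('OAuth')) {
    problems.push('oauthApiScript: name must have the prefix OAuth');
  }
  if (cfg.refreshTokenLifespan !== undefined &&
      !(Number.isInteger(cfg.refreshTokenLifespan) && cfg.refreshTokenLifespan > 0)) {
    problems.push('refreshTokenLifespan: expected a whole number of seconds');
  }
  for (const [field, path] of Object.entries(SN_PATHS)) {
    if (!cfg[field]) continue; // an empty redirect URL is auto-generated by the instance
    let url;
    try { url = new URL(cfg[field]); } catch { problems.push(`${field}: not a URL`); continue; }
    // Added check, not from the page: secrets and tokens should only travel over TLS.
    if (url.protocol !== 'https:') problems.push(`${field}: not https`);
    if (peerIsServiceNow && !url.pathname.endsWith(path)) {
      problems.push(`${field}: expected path ending in ${path}`);
    }
  }
  return problems;
}

// Constructed sample: another ServiceNow instance as the provider (hostname is made up).
const sample = {
  clientId: 'example-client-id',
  clientSecret: 'example-secret',
  defaultGrantType: 'authorization_code',
  oauthApiScript: 'CalendarUtil',
  tokenUrl: 'http://provider.example.com/oauth_token.do',
  tokenRevocationUrl: 'https://provider.example.com/oauth_revoke.do',
};
console.log(checkProvider(sample, true));
```

An empty result means every rule passed; each string in the result names the field to correct.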