Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Now Platform administration
Table of Contents
Choose your release version
    Home New York Now Platform Administration Now Platform administration User administration Authentication OAuth 2.0 Set up OAuth Connect to a third-party OAuth provider

    Connect to a third-party OAuth provider

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Connect to a third-party OAuth provider

    Configure how the client ID and secret are sent to your OAuth provider.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to System OAuth > Application Registry and then click New.
    2. On the interceptor page, click Connect to a third-party OAuth provider and then fill in the form.
      Field Description
      Name Unique name for the third-party OAuth connection.
      Client ID The client ID of application registered in the third-party OAuth server.
      Client Secret The client secret of the application registered in the third-party OAuth server.
      OAuth API Script The script used to customize request and response to the external OAuth provider.
      Logo URL The OAuth application logo URL.
      Default Grant type The default grant type used to establish the token. Choices include:
      • Authorization Code
      • Resource Owner Password Credentials
      • Client Credentials
      • JWT Bearer
      Refresh Token Lifespan Time, in seconds, that the refresh token is valid. The default time is 8,640,0000 seconds.
      PKCE required Enables public clients to require PKCE for an authorization.
      Note: You can use only Authorization Code as the Default Grant type when PKCE is enabled.
      Code challenge method The code challenge method used in OAuth PCKE workflow. Choices include:
      • S256 [Default]
      • Plain
      • None
      Comments Add any comments regarding the OAuth app.
      Application Application and scope that contain this record.
      Accessible from Make this app accessible from all application scopes or from this scope only.
      Active Select the check box to make the app active.
      Authorization URL The OAuth authorization code endpoint.
      Token URL The OAuth server token endpoint.
      Token Revocation URL The OAuth server token revocation endpoint.
      Redirect URL The OAuth callback endpoint. If blank, the instance auto-generates an entry.
      Use mutual authentication Check the box to use mutual authentication for token request and revocation. This feature requires a mutual authentication profile to be specified.
      Send Credentials The OAuth client populates the client credentials in the request:
      • In Request Body (Form URL-Encoded)
      • Basic Authorization header
      The system creates a record in the Application Registries [oauth_entity] table with type OAuth Provider.
    3. (Optional) Go to the related list on the record OAuth Entity Profiles to validate a system-generated default profile for the new OAuth provider without any scope.
      You can change or add an OAuth provider profile including the name, grant type, and OAuth Scope.
    4. (Optional) Go to the related list on the record OAuth Entity Scopes to define all available OAuth scopes for this OAuth provider. You can select the scopes when you create or update a profile.
      Each OAuth scope contains a name and a scope that you must get from the provider's specification, such as a read scope or a write scope. Each scope must be defined separately.

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Connect to a third-party OAuth provider

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Connect to a third-party OAuth provider

      Configure how the client ID and secret are sent to your OAuth provider.

      Before you begin

      Role required: admin

      Procedure

      1. Navigate to System OAuth > Application Registry and then click New.
      2. On the interceptor page, click Connect to a third-party OAuth provider and then fill in the form.
        Field Description
        Name Unique name for the third-party OAuth connection.
        Client ID The client ID of application registered in the third-party OAuth server.
        Client Secret The client secret of the application registered in the third-party OAuth server.
        OAuth API Script The script used to customize request and response to the external OAuth provider.
        Logo URL The OAuth application logo URL.
        Default Grant type The default grant type used to establish the token. Choices include:
        • Authorization Code
        • Resource Owner Password Credentials
        • Client Credentials
        • JWT Bearer
        Refresh Token Lifespan Time, in seconds, that the refresh token is valid. The default time is 8,640,0000 seconds.
        PKCE required Enables public clients to require PKCE for an authorization.
        Note: You can use only Authorization Code as the Default Grant type when PKCE is enabled.
        Code challenge method The code challenge method used in OAuth PCKE workflow. Choices include:
        • S256 [Default]
        • Plain
        • None
        Comments Add any comments regarding the OAuth app.
        Application Application and scope that contain this record.
        Accessible from Make this app accessible from all application scopes or from this scope only.
        Active Select the check box to make the app active.
        Authorization URL The OAuth authorization code endpoint.
        Token URL The OAuth server token endpoint.
        Token Revocation URL The OAuth server token revocation endpoint.
        Redirect URL The OAuth callback endpoint. If blank, the instance auto-generates an entry.
        Use mutual authentication Check the box to use mutual authentication for token request and revocation. This feature requires a mutual authentication profile to be specified.
        Send Credentials The OAuth client populates the client credentials in the request:
        • In Request Body (Form URL-Encoded)
        • Basic Authorization header
        The system creates a record in the Application Registries [oauth_entity] table with type OAuth Provider.
      3. (Optional) Go to the related list on the record OAuth Entity Profiles to validate a system-generated default profile for the new OAuth provider without any scope.
        You can change or add an OAuth provider profile including the name, grant type, and OAuth Scope.
      4. (Optional) Go to the related list on the record OAuth Entity Scopes to define all available OAuth scopes for this OAuth provider. You can select the scopes when you create or update a profile.
        Each OAuth scope contains a name and a scope that you must get from the provider's specification, such as a read scope or a write scope. Each scope must be defined separately.

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login