How to Set Up Log In with OAuth Tokens in Exalate for ServiceNow?

    To sync your data, Exalate requires access to your ServiceNow instance. To avoid storing sensitive information, we provide an alternative way to authenticate to a ServiceNow instance without storing usernames and passwords: Exalate supports ServiceNow's OAuth2 protocol.

    How to Authenticate and Set Up Exalate with OAuth2?

    1. Enable OAuth on ServiceNow

    To use the OAuth API in ServiceNow, make sure the com.snc.platform.security.oauth.is.active system property is set to true.
    Check the ServiceNow documentation for more information.


    2. Create an endpoint for clients to access the instance.

    1. After logging in, navigate to System OAuth > Application Registry > New.
    2. Select Create an OAuth API endpoint for external clients.
    3. Provide a name for the application registry and extend the access token lifespan.

    The name is used to identify the application registry.
    Exalate will auto-renew the access token whenever the application lifespan expires. The lifespan is expressed in seconds; 7200 seconds is 2 hours.


    4. Submit the entry, reopen the registry, and then copy the client_id and client_secret.

    5. Now generate a 'refresh token' by entering the following curl command:


    read -r -d '' CSECRET <<'EOF'
    <client_secret>
    EOF
    read -r -d '' PASS <<'EOF'
    <password>
    EOF
    curl --data-urlencode "grant_type=password" --data-urlencode "client_id=<client_id>" --data-urlencode "client_secret=$CSECRET" --data-urlencode "username=<username>" --data-urlencode "password=$PASS" "<instance_url>/oauth_token.do"


    # where
    # * <client_id> - the client_id from the application registry copied in step 4
    # * <client_secret> - the client_secret from the application registry copied in step 4
    # * <username> - the name of the proxy user
    # * <password> - the password of the proxy user
    # * <instance_url> - the URL of your ServiceNow instance

    For instance:

    read -r -d '' CSECRET <<'EOF'
    fooobar!aslkfj!0
    EOF
    read -r -d '' PASS <<'EOF'
    ExalatePWD
    EOF
    curl --data-urlencode "grant_type=password" --data-urlencode "client_id=1234567890" --data-urlencode "client_secret=$CSECRET" --data-urlencode "username=ExalateIntegration" --data-urlencode "password=$PASS" https://dev12345.service-now.com/oauth_token.do

    It will return a JSON structure:
    { "access_token":"tqIvTscjoS2lV1yrasu-1234455443NUes4YEm1IBdX0EjHUmVB-Y3u6Zur8UgzLj_eTUeEBBmWtEgmw", "refresh_token":"fygKJXPAy3bl9tVaXk-1234455443LiMUeOH7RPYuWg1N2UKnUlZMzzm6UPsZ7DG4jeXPwlBaEw", "scope":"useraccount", "token_type":"Bearer", "expires_in":7199 }
    Copy the access_token and refresh_token.

    6. Access your Exalate node at https://snownode-aaaa-bbbb-cccc-dddd.exalate.cloud

    You can log in using the access_token copied from step 5.

    7. Access general settings and hit configure

    Enter the client_id and client_secret copied in step 4 and the refresh_token from step 5 in their respective fields, then save.


    8. Get confirmation

    A flag will be raised in case no access is possible.


    9. All reads/searches/updates will now be done with the proxy user

    This authentication can be used as long as the refresh token is valid. You can configure the token when setting up the endpoint in the first step.

    Once it has expired, generate a new refresh token by following step 2.

    We recommend setting a long lifespan on the refresh token. The default setting, 8640000, corresponds to 100 calendar days.
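
The curl command in step 5 passes the client secret and password as command-line arguments, which are visible in the process list while curl runs. The following added example (not part of the Exalate documentation) sends the same password-grant request but feeds the parameters to curl as a config file on standard input (`--config -`) and prompts for the secrets without echo; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Exalate's own code. Assumes curl and a POSIX shell;
# all function names below are illustrative.

# Escape a value for a double-quoted curl config parameter:
# backslashes first, then double quotes.
curl_cfg_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print a curl config for the password grant from step 5.
# Args: instance_url client_id client_secret username password
token_request_config() {
    printf 'url = "%s/oauth_token.do"\n' "$(curl_cfg_escape "$1")"
    printf 'data-urlencode = "grant_type=password"\n'
    printf 'data-urlencode = "client_id=%s"\n' "$(curl_cfg_escape "$2")"
    printf 'data-urlencode = "client_secret=%s"\n' "$(curl_cfg_escape "$3")"
    printf 'data-urlencode = "username=%s"\n' "$(curl_cfg_escape "$4")"
    printf 'data-urlencode = "password=%s"\n' "$(curl_cfg_escape "$5")"
}

# Prompt for a secret without echoing it; the value is left in $SECRET.
prompt_secret() {
    printf '%s: ' "$1" >&2
    stty -echo
    IFS= read -r SECRET
    stty echo
    printf '\n' >&2
}

# Interactive entry point: request_tokens <instance_url> <client_id> <username>
# The secrets reach curl only through the pipe, never through its arguments.
request_tokens() {
    prompt_secret "client_secret"; csecret=$SECRET
    prompt_secret "password"; pass=$SECRET
    token_request_config "$1" "$2" "$csecret" "$3" "$pass" |
        curl --silent --show-error --config -
    unset SECRET csecret pass
}
```

With the values from the example above, the call would be `request_tokens https://dev12345.service-now.com 1234567890 ExalateIntegration`; the JSON response is the same as in step 5.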

    What to do if the Refresh Token is Expired?

    • Repeat the steps as detailed above (from step 1)