Generate ServiceNow OAuth Tokens

To connect ServiceNow to a Knowledge Hub knowledge base, you must either provide your ServiceNow credentials to NiCE Professional Services or enter them in Knowledge Hub yourself. This page describes how to generate those credentials, also called OAuth tokens. You should treat the OAuth tokens like passwords. Be sure to store them in a secure location. If you lose them, you'll have to regenerate them.

This method is a developer effort. It requires knowledge of Python and ServiceNow admin privileges.

Complete each of these tasks in the order given.

Install Python

Complete this task if you don't already have Python installed on your computer.

  1. Install Python Box with arrow indicating navigation to external site..

  2. Run the installer. Select the box for Add python.exe to PATH, then click Install Now.

Create an OAuth Application in ServiceNow

Create an OAuth application in the ServiceNow application registry.

For more information on using ServiceNow, see developer.servicenow.com Box with arrow indicating navigation to external site..

  1. Log in to the ServiceNow application registry.

  2. Navigate to System OAuth > Application Registry.

    Using the Application Navigator (left sidebar), go to: System Definition > Application Registry. Or, search for Application registry.

    The three dots icon is clicked, and a drop-down appears. In that drop-down, Application registry has been searched and appears as an option.

  3. On the Application Registries page, click New in the top right.

  4. Select Create an OAuth API endpoint for external clients and click Next.

  5. Enter a Name for the OAuth application.

  6. Click Submit.

Configure the OAuth Application

Next, configure the settings for the OAuth application you just created in ServiceNow.

  1. If you haven't already, open the OAuth application you created in the previous section.

  2. Enter a Refresh Token Lifespan. This is the number of seconds that pass before the refresh token expires and you have to re-authenticate. For example, if you enter 31,536,000, the token expires after one year. This is the recommended value. The default is 100 days, or 8,640,000 seconds.

  3. Enter an Access Token Lifespan. This is the number of seconds that pass before the access token expires. For example, if you enter 7,200, the token expires after two hours. The default is 30 minutes, or 1,800 seconds.

  4. In Redirect URL, enter https://{aws-region}.console.aws.amazon.com/appflow/oauth. For example, if you are in the us-west-2 region, enter the following: https://us-west-2.console.aws.amazon.com/appflow/oauth

  5. Click Update.

Copy and Store Client ID and Client Secret

When you create and configure an OAuth application, ServiceNow automatically generates the client ID and client secret. These are two of the credentials needed to connect ServiceNow to Knowledge Hub.

  1. In the OAuth application you created, locate the Client ID and Client Secret fields.

  2. Copy the client ID and client secret and store them in a secure location.

    ServiceNow only shows the client secret for an OAuth application once. If you lose it, you'll need to reset it.

Add OAuth Scopes

Then, add the required OAuth scopes to your OAuth application in ServiceNow.

  1. In the OAuth application you created, click the OAuth Scopes list.

  2. Click in the search bar. This redirects you to the Authentication Scopes page.

  3. Click New.

  4. In Name, enter useraccount.

  5. Click Submit.

  6. Repeat steps 3 through 5 to add the following OAuth scopes:

    • openid

    • profile

    • email

    • offline_access

    Enter those exact values in the Name field.

Prepare OAuth Tokens

Then, prepare the OAuth tokens for use in your Python script by using the template below.

  1. Copy and paste the following lines of code into a text editor:

    
redirect_uri = '[Enter Redirect URL]'
client_id = '[Enter Client ID]'
client_secret = '[Enter Client Secret]'
instance = '[Enter ServiceNow instance]'
token_url = f"https://[instance].service-now.com/oauth_token.do"

  2. Change the value of the redirect_uri attribute to https://{aws-region}.console.aws.amazon.com/appflow/oauth. This should match the URL you entered in the Redirect URL field in the OAuth application you created. For example, if you are using us-west-2, enter the following: https://us-west-2.console.aws.amazon.com/appflow/oauth

  3. Change the value of the client_id attribute to the Client ID of the OAuth application you created.

  4. Change the value of the client_secret attribute to the Client Secret of the OAuth application you created.

  5. Change the value of the instance attribute to the name of your production instance. For example, if your production instance URL is classics.service-now.com, then instance = 'classics'.

  6. Change the value of the token_url attribute to include your ServiceNow instance. For example, token_url = f"https://classics.service-now.com/oauth_token.do".

Run the Python Script

Finally, run a Python script to test the OAuth integration and retrieve your ServiceNow access token, refresh token, and auth code.

  1. Open a text editor and start a Python file.

  2. Copy and paste the lines of code from this TXT file into your Python file.

  3. Replace the values of lines 4 through 8 with the OAuth tokens you prepared.

  4. Open any IDE and run the Python script.

  5. Copy the URL the script generates. Paste it into your browser.

  6. Click Allow to allow the script to connect to your personal developer instance.

  7. Copy the URL of the page that appears. It should begin with https://us-west-2.console.aws.amazon.com/appflow/oauth?code=.

  8. Navigate back to your IDE. Paste the URL after the prompt Enter the redirected URL:.

  9. Press Enter. Your access token, refresh token, and auth code are generated in a file named servicenow_credentials.txt. That file is automatically saved to your desktop.

Troubleshoot Common Errors

  • Invalid client: If you receive this error, verify that the client_id and client_secret attributes match the values in the Client ID and Client Secret fields of your OAuth application. Also, check that the OAuth application is active.

  • Invalid scope: If you receive this error, make sure you've added all five required scopes to your OAuth application. Verify that each scope is spelled correctly and properly URL-encoded, with no spaces.

  • Invalid grant: If you receive this error, check if your refresh token has expired. Also, verify that the refresh token is correctly included in the request.

  • Redirect URL mismatch: If you receive this error, make sure the redirect URL in your request exactly matches the value of the Redirect URL field in your OAuth application.