Once upon a time, I wanted to set up an integration between Servicenow and Google using OAuth 2.0. I went straight ahead to the Servicenow documentation. Everything was there, so I started following the steps provided.
It worked! I could test the connection and get some data from one of the services provided by Google.
However, I was a bit puzzled because the access token was only valid for one hour. And the tutorial ends there. So, what next?
After reading some threads in the community (with more questions than answers), I stumbled upon one of the Live Code Happy Hour sessions where they figured it out.
All the information is out there, but a bit disperse. So, I’ll try to put everything together in this post.
Follow Servicenow Steps
- OAuth 2.0 tutorial – configure the Google service as an OAuth provider
Use the Google Developer Console to set up an OAuth 2.0 provider. - OAuth 2.0 tutorial – create an OAuth provider and profile
Set up the Google service as an OAuth provider in ServiceNow by entering your client information, Google API URLs, and configuring the OAuth profile. - OAuth 2.0 tutorial – create a REST message
Create a REST message and associated HTTP method to contact the Google service using the OAuth 2.0 profile.
Access token and Refresh token
After following the steps provided in the Servicenow documentation, you will have an Access token that will expire in one hour. You will need to repeat the process of getting an OAuth token every time you want to run the service.
That is not very useful after the testing phase. You need a Refresh token to automate this process.
According to Google documentation, you need to add the parameter access_type=offline when you request an access token for the first time.
access_type: Recommended. Indicates whether your application can refresh access tokens when the user is not present at the browser. Valid parameter values are online, which is the default value, and offline.
Set the value to offline if your application needs to refresh access tokens when the user is not present at the browser. This is the method of refreshing access tokens described later in this document. This value instructs the Google authorization server to return a refresh token and an access token the first time that your application exchanges an authorization code for tokens.
Requesting the refresh token from Servicenow
As explained by Josh Nerius in the following video, you need to create a Script Include.
Make a copy or extend OAuthUtil and add the parameter in the function preprocessAuthCode.
var OAuthGoogleHandler = Class.create();
OAuthGoogleHandler.prototype = {
initialize: function() {},
interceptRequestParameters: function(requestParamMap) {
// Add/Modify request parameters if needed
this.preprocessAccessToken(requestParamMap);
},
parseTokenResponse: function(accessTokenResponse) {
this.postprocessAccessToken(accessTokenResponse);
},
preprocessAuthCode: function(requestParamMap) {
requestParamMap.put('access_type', 'offline'); //Request the refresh token
},
preprocessAccessToken: function(requestParamMap) {
},
postprocessAccessToken: function(accessTokenResponse) {
var contentType = accessTokenResponse.getContentType();
if (contentType && contentType.indexOf('application/json') != -1) {
var tokenResponse = (new global.JSON()).decode(accessTokenResponse.getBody());
var paramMap = accessTokenResponse.getparameters();
for (param in tokenResponse) {
paramMap.put(param, tokenResponse[param].toString());
}
}
},
type: 'OAuthGoogleHandler'
}
Select this Script in the Application Registry (Only Script Includes starting by “Oauth” will be available).
Check your OAuth tokens
Go to the module “Manage Tokens” under the application “System OAuth“.
You should see two tokens:
- Access Token: valid for one hour
- Refresh Token: valid for 100 days. This is the default value set by Servicenow. Google refresh tokens don’t have an expiration date. “Expires” date can be modified manually to set a date far in the future.
Warning: Google refresh tokens don’t expire, but don’t remove the “Expires” date. If you do, Servicenow will consider that no valid refresh token is available.
I requested an access token before adding the Script Include and I can’t get a refresh token now. Why?
You can only get the refresh token the first time you authorise the application to interact with Google.
access_type: This value instructs the Google authorization server to return a refresh token and an access token the first time that your application exchanges an authorization code for tokens.
Don’t panic! You can revoke access to your app and repeat the process after you set up the Script Include.
