I am trying OAuth authentication to service desk application. We are using client credentials type authentication. its working through post man and i am able to get token.
But when i tried through SailPoint getting 'invalid client credentials". Below parameters i have added in Service desk application debug page.
Authentication type : OAuth
GrantType : Refresh_token
Client Id : Client Id added
Client secret : Client secret added
Toekn Url : token url added
Refresh_token : Not sure what to add in this field
Can anyone help me what to pass in âRefresh_Tokenâ field ?
Exactly the refresh token string returned by the service-desk platform (ServiceNow, Cherwell, JIRA âŚ).
You have to generate it once outside IIQ â typically with Postman or curl â using the authorisation-code or password flow that your ticketing system supports.
The sequence is normally:
Create / register an OAuth client in the service-desk system and allow the offline_access (refresh-token) scope.
Perform an initial token call (authorisation-code or password grant).
Copy the refresh_token value from that response.
Paste it into Refresh Token on the IIQ debug page (or in the XML).
Keep Grant Type = Refresh_token; IIQ will swap the refresh token for a new access token whenever it expires.
You can also ask the refresh token from the Application Team, If you donât have all the details.
For Service Now, Below are the detailed steps to generate the Refresh Token -
To generate a refresh token in ServiceNow, you need to follow these steps:
Navigate to System OAuth > Application Registry.
Click New to create a new OAuth application.
Fill in the necessary details like Name, Client ID, Client Secret, etc.
In the âRefresh Token Lifespanâ field, enter the lifespan of the refresh token in seconds.
Save the application.
Now, to generate the refresh token, you need to make an HTTP POST request to the ServiceNow OAuth token endpoint (https://.service-now.com/oauth_token.do).
The request should include the following parameters:
grant_type: Set this to âpasswordâ.
client_id: The Client ID of your OAuth application.
client_secret: The Client Secret of your OAuth application.
username: The username of the ServiceNow user.
password: The password of the ServiceNow user.
The response of this request will include an access token and a refresh token.
You can use the refresh token to get a new access token when the current one expires.
Please note that the refresh token is only provided if the âRefresh Token Lifespanâ field in the OAuth application is set to a value greater than 0.
After i discussed with few people, i came to know if Application support client credentials type authentication , then in SailPoint application debug page should use grant type as âCLIENT_CREDENTIALSâ.
Is this correct? If yes would you pls help me what details need to add in debug page?