Search Knowledge Base by Keyword


This guide describes the OAuth integration process of WinKK Passport to be used as the OAuth Provider for ServiceNow.


ServiceNow only supports third-party OAuth providers to authorize requests from ServiceNow to third-party APIs, as stated in the official docs. That means ServiceNow does not provide OAuth-based SSO support, it can only obtain an access token from some WinKK application and use it to authorize requests.

WinKK Passport Initial Configurations

  1. Open, login with your profile, and open the Applications tab.
  2. Add a new application.
Winkk Passport Applications Tab
  • Name – doesn’t matter
  • URL – doesn’t matter, can be your ServiceNow instance host for example
  • Interface – OAuth2
  • Authentication type – doesn’t matter
  • Secret – check Generate new secret key
  • OAUTH2 DATA SHARING – check the data sharing requirements on your choice, see the documentation for details:
  1. Click Save and leave this tab opened in a browser to view the created app’s identifier and its’ generated secret key.

ServiceNow Configurations

  1. Log into your ServiceNow instance, navigate to the Application Registry in the menu on the left and click New in the opened panel.
  1. Select Connect to a third party OAuth Provider in the opened screen.
  1. In the next screen fill all configs in the following way.
  • Name – doesn’t matter
  • Client ID – the identifier obtained in the previous section (next to the APPLICATION label, without #)
  • Client Secret – fill with the INTERFACE SECRET KEY, obtained in the previous section
  • OAuth API Script – fill with OAuthUtil (autocompletion should work) then click on the (i) (Preview this record) icon near this field and open the link from the Open Record button in the new tab to return to it later.
  • Logo URL – can be left blank
  • Default Grant type – select Authorization Code
  • Refresh Token Lifespan – can be left with the default value
  • PKCE required – should be left unchecked
  • Comments – are not required
  • Application – Global
  • Accessible from – can be left with All application scopes selection
  • Active – checked
  • Authorization URL –
  • Token URL –
  • Token Revocation URL – can be left blank
  • Redirect URL –,where INSTANCE should be replaced with your actual instance name
  • Use mutual authentication – can be left unchecked
  1. Click Submit.
  2. Navigate to the OAuthUtil Script Include tab opened during the configuration above. Comment lines 27 and 32 for appropriate parsing of the access token.
  1. Or you can just copy the ready-to-use code from the listing below.
var OAuthUtil = Class.create();
OAuthUtil.prototype = {
    initialize: function() {

    interceptRequestParameters : function(requestParamMap) {
        // Add/Modify request parameters if needed

    parseTokenResponse: function(accessTokenResponse) {

    preprocessAuthCode: function(requestParamMap) {

    preprocessAccessToken: function(requestParamMap) {
    postprocessAccessToken: function(accessTokenResponse) {
        var contentType = accessTokenResponse.getContentType();
        var contentBody = accessTokenResponse.getBody();'contentType: ' + contentType);'contentBody: ' + contentBody);

        //if (contentType && contentType.indexOf('application/json') != -1) {
            var tokenResponse = (new global.JSON()).decode(accessTokenResponse.getBody());
            var paramMap = accessTokenResponse.getparameters();
            for (param in tokenResponse)
                paramMap.put(param, tokenResponse[param].toString());

    type: 'OAuthUtil'
  1. Click Update.
    This action is required to make ServiceNow correctly parse the response with an access token from WinKK Passport. It’s better to create a new Script Include for this purpose, but to keep this guide simple it’s easier to modify the existing script instead.
  2. To check if ServiceNow can obtain the access token successfully navigate to the REST Message screen and click New button.
  1. All required configs can be filled in any way, it doesn’t matter excepting that:
  • Authentication type – should have OAuth 2.0 selected and OAuth profile – should be the profile created during the configuration above.
  1. Click Submit.
  2. Now open the created REST Message, click on Get OAuth Token link and complete the authorization. After that, the token availability prompt will appear at the top of the screen.
Was this article helpful?
How can we improve this article?

Leave a Reply

Your email address will not be published. Required fields are marked *