Add support for authenticating with OAuth Client Credential Grant#292
Open
jmunroBT wants to merge 1 commit intoSnow-Shell:masterfrom
Open
Add support for authenticating with OAuth Client Credential Grant#292jmunroBT wants to merge 1 commit intoSnow-Shell:masterfrom
jmunroBT wants to merge 1 commit intoSnow-Shell:masterfrom
Conversation
gdbarron
reviewed
Jan 31, 2026
|
|
||
| [Parameter(Mandatory, ParameterSetName = 'OAuth')] | ||
| [Parameter(Mandatory, ParameterSetName = 'OAuthProxy')] | ||
| [Parameter(Mandatory, ParameterSetName = 'OAuthClientCredential')] |
Collaborator
There was a problem hiding this comment.
we'll need to add a OAuthClientCredentialProxy paramset for ClientCredential, Proxy, and ProxyCredential params.
Collaborator
|
This looks nice, thanks! I'll have to do some local testing, but on first glance I just had that one comment on the paramsets. Also, nice finds on those couple of typos! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
These changes were developed to support OAuth flows required by our internal production use of this module, and we’re sharing them here in case they’re useful to the broader community. Maintainers are welcome to adapt or refine it further as they see fit.
This pull request enhances the ServiceNow PowerShell module's OAuth authentication flow, adding support for both the "password" and "client_credentials" OAuth grant types.
OAuth Grant Type Support and Session Handling:
OAuthClientCredentialparameter set inNew-ServiceNowSession, allowing users to authenticate using the "client_credentials" grant type for machine-to-machine scenarios.GrantType) and always stores the client credential, ensuring the correct refresh or re-authentication flow can be determined later.Token Request and Refresh Logic:
New-ServiceNowSessionto dynamically build the OAuth token request body based on the grant type, supporting both "password" (user credentials) and "client_credentials" (no user context) flows.Get-ServiceNowAuthto distinguish between grant types: it re-authenticates using client credentials if no refresh token is available, or uses the refresh token if present (password grant). It also handles the absence of a refresh method gracefully.Bug Fixes and Minor Improvements:
Invoke-RestMethod:TimeoutSec, ensuring correct timeout handling for REST calls.