web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / ServiceNow Connector -...
Copilot Studio
Unanswered

ServiceNow Connector - Missing Code_Challenge Parameter

(1) ShareShare
ReportReport
Posted on by CU06041633-0 4
I am trying to use the ServiceNow Connector in Copilot Studio, but I am having difficulties establishing the connection. I am trying to authenticate using OAuth2 and I have created an OAuth API endpoint for external clients. However, whenever I test the connection using Copilot Studio, it gives me the error: Missing code_challenge parameter in the request. I have tested this connecting using Postman and it works, but not sure why it doesn't work with Copilot. Anyone have any ideas on how to fix this?
Categories:
General topics
I have the same question (0)
  • Suggested answer
    Michael E. Gernaey Profile Picture
    Michael E. Gernaey 53,335 Super User 2025 Season 2 on at
     
    Are you adding the header?
     
    Firstly let me share this
     
    And Share this where you can see to generate the challenge
     
    Here's a breakdown of the process:
     
    1. Understanding the Concept
    • PKCE (Proof Key for Code Exchange):
      PKCE is a security enhancement for OAuth 2.0 authorization code grant, designed to protect against potential vulnerabilities, especially when dealing with public clients.
    • Code Verifier and Code Challenge:
      A code verifier is a randomly generated secret, and the code challenge is a transformed version of the code verifier, used in the authorization request. 
       
    2. Power Automate Flow Steps
    • Create a Power Automate Flow:
      • Start a new automated cloud flow in Power Automate. 
         
      • Choose a trigger that suits your needs, such as "When an HTTP request is received" or "When an item is created/modified". 
         
    • Generate a Code Verifier:
      • Add a "Compose" action to generate a random code verifier. 
         
      • Use a formula like base64ToText(encodeBase64(NewGuid())) to create a random string. 
         
    • Derive the Code Challenge:
      • Add another "Compose" action to derive the code challenge. 
         
      • Use a formula like sha256(base64ToText(encodeBase64(outputs('Compose_1').body))) to perform the SHA256 hash of the code verifier. 
         
    • Store the Code Verifier:
      • Add a "Create file" action to store the code verifier securely. 
         
    • Prepare the Authorization Request:
      • Add an "HTTP" action to make the request to the ServiceNow authorization endpoint. 
         
      • Configure the request with:
        • Method: POST 
           
        • URL: ServiceNow's authorization endpoint URL 
           
        • Headers:
          • Content-Type: application/x-www-form-urlencoded 
             
          • Authorization: Bearer <your_bearer_token> (if applicable) 
             
        • Body:
          • client_id=<your_client_id> 
             
          • redirect_uri=<your_redirect_uri> 
             
          • scope=<your_scope> 
             
          • code_challenge=<code_challenge> 
             
          • code_challenge_method=S256 
             
          • state=<your_state> (optional, for tracking) 
             
    • Handle the Response:
      • Add actions to handle the response from ServiceNow, such as:
        • Extracting the authorization code from the response 
           
        • Sending the authorization code to the next step in your flow 
           
        • Storing the authorization code for later use 
           
    3. ServiceNow Configuration
    • OAuth 2.0 Application:
      • Create an OAuth 2.0 application in ServiceNow.
      • Configure the application with:
        • Client ID: The client ID for your application
        • Client Secret: The client secret for your application
        • Redirect URI: The URL where ServiceNow will redirect the user after authorization
        • Scope: The permissions your application needs
    • Authorization Endpoint:
      • Note the authorization endpoint URL for your ServiceNow instance. 
     
     
    If this helps please Mark as such and maybe a like!!
     
    Cheers
  • EF-02072235-0 Profile Picture
    EF-02072235-0 3 on at
    Hello @Michael E. Gernaey

    I am having a similar issues when trying to establish a Service Now Knowledge Base for my Agent. It seems like the "Code_Challenge" parameter in the header of the request might note be there? how do you fix that? I have tried in both Chrome and Edge.


Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 255 Super User 2025 Season 2

#2
Romain The Low-Code Bearded Bear Profile Picture

Romain The Low-Code... 205 Super User 2025 Season 2

#3
S-Venkadesh Profile Picture

S-Venkadesh 101 Moderator

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ❤️ MCP" lab
Welcome to the Copilot Studio forum!

Product updates

Microsoft Power Platform Community release plans