Skip to main content

After following the steps for integrating with ServiceNow: we get the following error: Error occured while creating Business Application Hierarchy in Lucidchart. Please try again.

ServiceNow is describing the issue as a Token issue.
Is anyone familiar with how to solve this?

Hello, 

Thanks for posting in the Lucid Community!

To ensure we are on the same page, please review our Integrate Lucidchart with ServiceNow Article

As a first step please try in a private or incognito window to help us narrow down the potential cause? Could you also try connecting to a different network or disconnecting from your VPN (if applicable)? Sometimes account performance issues can be related to internet security/speed or browser issues. These steps will help us eliminate that possibility. For help with opening an incognito window, please see this community post (in English).

If those don’t resolve the problem, can you please provide the details below:

  • At what point you are receiving this error? is this happening when you are installing the integration? 

We appreciate your time.


Hello,

We followed your article as well as the ServiceNow guide:
Lucidchart diagramming Spoke (servicenow.com)

This is the guide we followed for the OAuth setup:
Create OAuth 2.0 Client in Lucidchart (servicenow.com)

During the build of the credentials:
Create a connection and credential alias for the Lucidchart diagramming spoke (servicenow.com)

We are getting a Token error from Lucidchart.  


Hi @Chris.Engstrom, thanks for getting back to us with that info. I’ve moved your post to our Lucid for Developers space where we provide support for Lucid’s public APIs. We’re looking into this and will get back to you shortly.


@Chris.Engstrom Based on the information you've provided, here are some steps and clarifications that might assist you in resolving the issue:

  1. Please ensure that the redirect URI registered in your Lucid developer portal matches exactly with the URI configured in your ServiceNow application.

  2. We noticed a potential typo in the ServiceNow documentation regarding the connection URL. It should be https://api.lucid.co, not https://api.lucid.com

  3. We recommend reviewing our OAuth documentation for a comprehensive understanding of the OAuth integration process with Lucid. This documentation may provide additional insights that are not covered in the ServiceNow guide.

  4. It would be helpful to know the scope assigned to your OAuth token. Is the scope being set manually in your integration setup, or is it handled automatically by ServiceNow's app? The scope determines the level of access granted to the OAuth token and is crucial for proper functionality. The Service Now documentation says the Team Admin role is required to setup this integration so I suspect this may be an Account token scope.


The servicenow documentation doesn’t describe the difference between a user token and an account token.  It also does not describe the connection URL or scope.  This seems to be a large gap in implementation.

When I am following your OAuth2 steps in your documentation; the authorization step returns with a 400-invalid redirect uri.  which looks exactly like the documentation (my client ID is in place instead)

"400-Invalid redirect uri https://lucid.app/oauth2/clients/CHRy…./redirect

Also - the ServiceNow asks for only a Token URL which we have as: https://api.lucid.co/oauth2/token


Thank you @Chris.Engstrom  for your detailed response! It seems the primary issue is related to the redirect URI during the OAuth authorization step (instructions here for constructing your authorization url). 

Here are a few key points and questions to help us move forward:

  1. Could you please let us know how you are initiating the OAuth request? Are you using a specific tool like CLI, Postman, or is it directly through ServiceNow? 

  2. It’s important to use the appropriate redirect URI based on how you're making the request. If you're initiating the request through ServiceNow, you should use the ServiceNow redirect URI. The Lucid sample redirect URI is primarily for testing your Lucid OAuth 2.0 client with the Command Line or an API tool like Postman.

  3. If you wish to test with the Lucid-provided sample redirect URI, you can construct the complete URL and manually enter it in your browser while logged into Lucid. This can help verify if the issue lies with the redirect URI or another part of the OAuth flow.

  4. The token URL https://api.lucid.co/oauth2/token you mentioned is correct. Please confirm this is what's being used in your ServiceNow integration.

Lastly, we understand your concerns about the ServiceNow documentation. As Lucid’s control over third-party documentation is limited, we recommend contacting ServiceNow's support for specific guidance on their documentation.

Regarding OAuth tokens:

  • User Tokens are typically for individual user actions.
  • Account Tokens generally grant broader, organizational-level permissions.

  1. Through ServiceNow
  2. I have two redirect URI defined.  Is this a problem?  Does order matter?
  1. for ServiceNow, I assume this should be account tokens as our Admins are not our users of the Lucid Integration.

@Chris.Engstrom It's correct that having two redirect URIs registered shouldn't cause issues and the order doesn’t have an impact. Each OAuth request will use the redirect URI specified in that particular request. Ensure that this URI is an exact match to one of the redirect URIs registered in the Lucid developer portal, and remember to include only one redirect URI in your OAuth request.

If you’re still encountering the “400-Invalid redirect uri” error, I suggest testing your redirect URI (#3 in my last comment). Additionally, I recommend manually generating an OAuth token using a curl command in your CLI or a tool like Postman, as detailed in our OAuth documentation. This is a key step to determine whether the issue lies within the OAuth setup in Lucid or with the ServiceNow application.


If you can generate an OAuth token using the manual method, but still face issues with the ServiceNow integration, it might indicate a problem on the ServiceNow side. In this case, I suggest reaching out to ServiceNow support for further assistance.

Please keep us updated on your findings, we’re here to help!


Update:  got the account token. and still getting this error.
Working with ServiceNow support and will update here when I have something:

Error occured while creating Business Application Hierarchy in Lucidchart. Please try again.


Since you’re still having this error with an account token, one last thing we will want to check is whether the requests you will be sending with the ServiceNow <> Lucid integration actually requires a user token. If a user token is required, you will simply need to be sure your authorization URL is https://api.lucid.co/oauth2/authorize (for a user token) as opposed to https://api.lucid.co/oauth2/authorizeAccount.

 

For example, our Import Document request requires a user token with any of the following scopes: lucidchart.document.content, lucidchart.document.app.folder, lucidspark.document.content, lucidspark.document.app.folder.

 

An example of a valid authorization URL for this token would be: 

https://lucid.app/oauth2/authorize?client_id={insert clientID} &redirect_uri={inser redirect URI} &scope={any of the scopes listed above}

 

 


Reply