feat(service-now): added service now block

Author: emir-karabeg

apps/docs/content/docs/en/tools/meta.json

@@ -81,6 +81,7 @@
     "sentry",
     "serper",
     "sftp",
+    "servicenow",
     "sharepoint",
     "shopify",
     "slack",

apps/docs/content/docs/en/tools/servicenow.mdx

@@ -0,0 +1,138 @@
+---
+title: ServiceNow
+description: Create, read, update, and delete ServiceNow records
+---
+
+import { BlockInfoCard } from "@/components/ui/block-info-card"
+
+<BlockInfoCard 
+  type="servicenow"
+  color="#81B5A1"
+/>
+
+{/* MANUAL-CONTENT-START:intro */}
+[ServiceNow](https://www.servicenow.com/) is a leading cloud-based platform that provides IT service management (ITSM), IT operations management (ITOM), and IT business management (ITBM) solutions. ServiceNow helps organizations automate workflows, manage digital operations, and deliver exceptional employee and customer experiences.
+
+ServiceNow offers a comprehensive platform for managing IT services, incidents, problems, changes, and other business processes. With its flexible table-based architecture, ServiceNow can be customized to manage virtually any type of record or business process across an organization.
+
+Key features of ServiceNow include:
+
+- **IT Service Management**: Comprehensive ITSM capabilities including incident, problem, change, and request management
+- **Custom Tables**: Flexible table-based architecture allowing organizations to create custom tables for any business process
+- **Workflow Automation**: Powerful workflow engine for automating business processes and approvals
+- **REST API**: Robust REST API for programmatic access to ServiceNow data and operations
+
+In Sim, the ServiceNow integration enables your agents to interact directly with ServiceNow records and tables. This allows for powerful automation scenarios such as automated incident creation, ticket updates, user management, and custom table operations. Your agents can create, read, update, and delete records in any ServiceNow table (incidents, tasks, users, custom tables, etc.) programmatically. This integration bridges the gap between your AI workflows and your ServiceNow instance, enabling seamless automation of IT service management tasks and business processes.
+{/* MANUAL-CONTENT-END */}
+
+
+## Usage Instructions
+
+Integrate ServiceNow into the workflow. Can create, read, update, and delete records in any ServiceNow table (incidents, tasks, users, etc.). Supports OAuth 2.0 (recommended) or Basic Auth authentication.
+
+
+
+## Tools
+
+### `servicenow_create`
+
+Create a new record in a ServiceNow table
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `instanceUrl` | string | Yes | ServiceNow instance URL \(e.g., https://instance.service-now.com\) |
+| `authMethod` | string | Yes | Authentication method: `oauth` or `basic` |
+| `credential` | string | No | ServiceNow OAuth credential ID \(required when authMethod is `oauth`\) |
+| `username` | string | No | ServiceNow username \(required when authMethod is `basic`\) |
+| `password` | string | No | ServiceNow password \(required when authMethod is `basic`\) |
+| `tableName` | string | Yes | Table name \(e.g., incident, task, sys_user\) |
+| `fields` | json | Yes | Fields to set on the record \(JSON object\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `record` | json | Created ServiceNow record with sys_id and other fields |
+| `metadata` | json | Operation metadata including record count |
+
+### `servicenow_read`
+
+Read records from a ServiceNow table
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `instanceUrl` | string | Yes | ServiceNow instance URL |
+| `username` | string | Yes | ServiceNow username |
+| `password` | string | Yes | ServiceNow password |
+| `tableName` | string | Yes | Table name \(e.g., incident, task, sys_user\) |
+| `sysId` | string | No | Specific record sys_id to retrieve |
+| `number` | string | No | Record number \(e.g., INC0010001\) |
+| `query` | string | No | Encoded query string \(e.g., "active=true^priority=1"\) |
+| `limit` | number | No | Maximum number of records to return |
+| `fields` | string | No | Comma-separated list of fields to return |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `records` | array | Array of ServiceNow records |
+| `metadata` | json | Operation metadata including record count |
+
+### `servicenow_update`
+
+Update an existing record in a ServiceNow table
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `instanceUrl` | string | Yes | ServiceNow instance URL |
+| `username` | string | Yes | ServiceNow username |
+| `password` | string | Yes | ServiceNow password |
+| `tableName` | string | Yes | Table name \(e.g., incident, task, sys_user\) |
+| `sysId` | string | Yes | Record sys_id to update |
+| `fields` | json | Yes | Fields to update \(JSON object\) |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `record` | json | Updated ServiceNow record |
+| `metadata` | json | Operation metadata including updated fields |
+
+### `servicenow_delete`
+
+Delete a record from a ServiceNow table
+
+#### Input
+
+| Parameter | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `instanceUrl` | string | Yes | ServiceNow instance URL |
+| `username` | string | Yes | ServiceNow username |
+| `password` | string | Yes | ServiceNow password |
+| `tableName` | string | Yes | Table name \(e.g., incident, task, sys_user\) |
+| `sysId` | string | Yes | Record sys_id to delete |
+
+#### Output
+
+| Parameter | Type | Description |
+| --------- | ---- | ----------- |
+| `success` | boolean | Whether the deletion was successful |
+| `metadata` | json | Operation metadata including deleted sys_id |
+
+
+
+## Notes
+
+- Category: `tools`
+- Type: `servicenow`
+- Authentication: Supports OAuth 2.0 (recommended) via Sim Bot or Basic Auth with username/password
+- Table Names: Common tables include `incident`, `task`, `sys_user`, `change_request`, `problem`, etc.
+- Query Syntax: Use ServiceNow encoded query syntax (e.g., `active=true^priority=1`) for filtering records
+- sys_id: Every ServiceNow record has a unique `sys_id` that is used to identify and reference records
+

apps/sim/app/api/auth/oauth/utils.ts

@@ -103,6 +103,7 @@ export async function getOAuthToken(userId: string, providerId: string): Promise
       accessToken: account.accessToken,
       refreshToken: account.refreshToken,
       accessTokenExpiresAt: account.accessTokenExpiresAt,
+      idToken: account.idToken,
     })
     .from(account)
     .where(and(eq(account.userId, userId), eq(account.providerId, providerId)))
@@ -130,7 +131,14 @@ export async function getOAuthToken(userId: string, providerId: string): Promise
 
     try {
       // Use the existing refreshOAuthToken function
-      const refreshResult = await refreshOAuthToken(providerId, credential.refreshToken!)
+      // For ServiceNow, pass the instance URL (stored in idToken) for the token endpoint
+      const instanceUrl =
+        providerId === 'servicenow' ? (credential.idToken ?? undefined) : undefined
+      const refreshResult = await refreshOAuthToken(
+        providerId,
+        credential.refreshToken!,
+        instanceUrl
+      )
 
       if (!refreshResult) {
         logger.error(`Failed to refresh token for user ${userId}, provider ${providerId}`, {
@@ -213,9 +221,13 @@ export async function refreshAccessTokenIfNeeded(
   if (shouldRefresh) {
     logger.info(`[${requestId}] Token expired, attempting to refresh for credential`)
     try {
+      // For ServiceNow, pass the instance URL (stored in idToken) for the token endpoint
+      const instanceUrl =
+        credential.providerId === 'servicenow' ? (credential.idToken ?? undefined) : undefined
       const refreshedToken = await refreshOAuthToken(
         credential.providerId,
-        credential.refreshToken!
+        credential.refreshToken!,
+        instanceUrl
       )
 
       if (!refreshedToken) {
@@ -287,7 +299,14 @@ export async function refreshTokenIfNeeded(
   }
 
   try {
-    const refreshResult = await refreshOAuthToken(credential.providerId, credential.refreshToken!)
+    // For ServiceNow, pass the instance URL (stored in idToken) for the token endpoint
+    const instanceUrl =
+      credential.providerId === 'servicenow' ? (credential.idToken ?? undefined) : undefined
+    const refreshResult = await refreshOAuthToken(
+      credential.providerId,
+      credential.refreshToken!,
+      instanceUrl
+    )
 
     if (!refreshResult) {
       logger.error(`[${requestId}] Failed to refresh token for credential`)

apps/sim/app/api/auth/oauth2/callback/servicenow/route.ts

@@ -0,0 +1,166 @@
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { env } from '@/lib/core/config/env'
+import { getBaseUrl } from '@/lib/core/utils/urls'
+import { createLogger } from '@/lib/logs/console/logger'
+
+const logger = createLogger('ServiceNowCallback')
+
+export const dynamic = 'force-dynamic'
+
+export async function GET(request: NextRequest) {
+  const baseUrl = getBaseUrl()
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.redirect(`${baseUrl}/workspace?error=unauthorized`)
+    }
+
+    const { searchParams } = request.nextUrl
+    const code = searchParams.get('code')
+    const state = searchParams.get('state')
+    const error = searchParams.get('error')
+    const errorDescription = searchParams.get('error_description')
+
+    // Handle OAuth errors from ServiceNow
+    if (error) {
+      logger.error('ServiceNow OAuth error:', { error, errorDescription })
+      return NextResponse.redirect(
+        `${baseUrl}/workspace?error=servicenow_auth_error&message=${encodeURIComponent(errorDescription || error)}`
+      )
+    }
+
+    const storedState = request.cookies.get('servicenow_oauth_state')?.value
+    const storedInstanceUrl = request.cookies.get('servicenow_instance_url')?.value
+
+    const clientId = env.SERVICENOW_CLIENT_ID
+    const clientSecret = env.SERVICENOW_CLIENT_SECRET
+
+    if (!clientId || !clientSecret) {
+      logger.error('ServiceNow credentials not configured')
+      return NextResponse.redirect(`${baseUrl}/workspace?error=servicenow_config_error`)
+    }
+
+    // Validate state parameter
+    if (!state || state !== storedState) {
+      logger.error('State mismatch in ServiceNow OAuth callback')
+      return NextResponse.redirect(`${baseUrl}/workspace?error=servicenow_state_mismatch`)
+    }
+
+    // Validate authorization code
+    if (!code) {
+      logger.error('No code received from ServiceNow')
+      return NextResponse.redirect(`${baseUrl}/workspace?error=servicenow_no_code`)
+    }
+
+    // Validate instance URL
+    if (!storedInstanceUrl) {
+      logger.error('No instance URL stored')
+      return NextResponse.redirect(`${baseUrl}/workspace?error=servicenow_no_instance`)
+    }
+
+    const redirectUri = `${baseUrl}/api/auth/oauth2/callback/servicenow`
+
+    // Exchange authorization code for access token
+    const tokenResponse = await fetch(`${storedInstanceUrl}/oauth_token.do`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: new URLSearchParams({
+        grant_type: 'authorization_code',
+        code: code,
+        redirect_uri: redirectUri,
+        client_id: clientId,
+        client_secret: clientSecret,
+      }).toString(),
+    })
+
+    if (!tokenResponse.ok) {
+      const errorText = await tokenResponse.text()
+      logger.error('Failed to exchange code for token:', {
+        status: tokenResponse.status,
+        body: errorText,
+      })
+      return NextResponse.redirect(`${baseUrl}/workspace?error=servicenow_token_error`)
+    }
+
+    const tokenData = await tokenResponse.json()
+    const accessToken = tokenData.access_token
+    const refreshToken = tokenData.refresh_token
+    const expiresIn = tokenData.expires_in
+    // ServiceNow always grants 'useraccount' scope but returns empty string
+    const scope = tokenData.scope || 'useraccount'
+
+    logger.info('ServiceNow token exchange successful:', {
+      hasAccessToken: !!accessToken,
+      hasRefreshToken: !!refreshToken,
+      expiresIn,
+    })
+
+    if (!accessToken) {
+      logger.error('No access token in response')
+      return NextResponse.redirect(`${baseUrl}/workspace?error=servicenow_no_token`)
+    }
+
+    // Redirect to store endpoint with token data in cookies
+    const storeUrl = new URL(`${baseUrl}/api/auth/oauth2/servicenow/store`)
+
+    const response = NextResponse.redirect(storeUrl)
+
+    // Store token data in secure cookies for the store endpoint
+    response.cookies.set('servicenow_pending_token', accessToken, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: 60, // 1 minute
+      path: '/',
+    })
+
+    if (refreshToken) {
+      response.cookies.set('servicenow_pending_refresh_token', refreshToken, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'lax',
+        maxAge: 60,
+        path: '/',
+      })
+    }
+
+    response.cookies.set('servicenow_pending_instance', storedInstanceUrl, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: 60,
+      path: '/',
+    })
+
+    response.cookies.set('servicenow_pending_scope', scope || '', {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: 60,
+      path: '/',
+    })
+
+    if (expiresIn) {
+      response.cookies.set('servicenow_pending_expires_in', expiresIn.toString(), {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'lax',
+        maxAge: 60,
+        path: '/',
+      })
+    }
+
+    // Clean up OAuth state cookies
+    response.cookies.delete('servicenow_oauth_state')
+    response.cookies.delete('servicenow_instance_url')
+
+    return response
+  } catch (error) {
+    logger.error('Error in ServiceNow OAuth callback:', error)
+    return NextResponse.redirect(`${baseUrl}/workspace?error=servicenow_callback_error`)
+  }
+}