Instances & Context
Authentication: Basic or OAuth 2.0
Pick the method when you log in. Both can coexist across profiles — existing Basic profiles keep working unchanged.
- Basic — username + password (Integration User recommended). Sent as
Authorization: Basic …. - OAuth 2.0 (Authorization Code + PKCE) — sign in through your system browser, so SSO and MFA are handled on ServiceNow's login page and the extension never sees your password. Access tokens are refreshed automatically; on expiry a request silently re-authenticates.
One-time ServiceNow setup for OAuth
Instance admin, once:
- System OAuth → Application Registry → New → Create an OAuth API endpoint for external clients.
- Add a Redirect URL of exactly
http://127.0.0.1:7889/callback(loopback; the port is configurable viasnWidgetKit.oauthRedirectPortand must match this URL byte-for-byte). PKCE is always used, so you can leave it a public client (no secret). - Save, then run Login to Instance → OAuth2 and paste the Client ID (the Client Secret is optional).
Use 127.0.0.1, not localhost
Loopback OAuth is desktop-only (it matches the extension's local preview/hot-reload model). The Redirect URL uses
127.0.0.1 rather than localhost on purpose — ServiceNow matches the value literally.Signing in as a different user
OAuth reuses the ServiceNow session in the in-editor browser, so a repeat sign-in usually returns the same user without prompting. To switch users, choose OAuth2 — sign in as a different user (it clears the session first), or remove the profile (which clears it too).
First sign-in initializes your context
The Working Context is initialized to the Global scope and that scope's Default update set, so the status bar shows a valid context right away. Pick a non-Default update set before pushing — the guard blocks pushes to Default. See Working Context.
Tokens (the Basic password or the OAuth access/refresh tokens) live in VS Code SecretStorage per profile and never touch your settings files.