Workday REST Api OAuth2.0 flows
I'm looking to integrate to Workday's REST Api services. Sadly enough, I do not have access to Workday's resource center - where all the documentation resides - it takes forever to get access to there.
I was hoping to get some help from the community regarding the overall process.
My main questions are:
- Which OAuth flows are supported?
- How can I find which scopes are needed for the client functionality I am looking for? (Basically I am looking to get users meta-data information).
From what I managed to collect online so far (without having access to the workday community center) Ive found that Workday supports an authorization code grant flow, and an implicit grant flow.
I also have a basic question regarding the authorization code grant flow:
If I understand correctly, the authorization code grant works as follows:
- Send a GET request to the authorization endpoint you get from client registration.
- Obtain an access token after authorization is granted via user approval.
- Send a POST request to the token endpoint, along with the access token obtained from step 2 in order to obtain an access token.
- Use the API with the access token obtained from step 3.
If so, I wonder if step 1 is ALWAYS required? by always I mean once per "access token obtainment" or rather just only once?
I also wonder - if user approval is required, how does this formally happen? where does the window of approval pop up if the requests are sent from a remote server?
Are there any workflows which do not require active user approvals for authorization?