Workday And ServiceNow Integration: OAuth Access or Refresh tokens are not available

manish kale · ‎11-24-2023

Hello Developers,
We are trying to integrate Workday and ServiceNow to get the users/workers' data from from workday and then map it into the ServiceNow user table using the REST API. We are trying to build the connection using OAuth 2.0. Consequently, we have configured the following things as listed below:
1. Credentials: Type - OAuth 2.0
2. Application Registration:

Authorization URL- https://wd5.myworkday.com/{Tenant Name}/authorize
Redirect URL - https://{Tenant Name}.service-now.com/oauth_redirect.do
Token URL - https://wd5-services1.myworkday.com/ccx/oauth2/{Tenant Name}/token
Default Grant Type: Authoriztion Code
Send Credentials: In Request Body(Form URL Encoded)

3. OAuth Entity Profile: Grant Type - Authoriztion Code

So we have configured above things and when we view the credentials record we are getting the below error:

And if we click on the realted link "Get OAuth Token" we are redirected to a new page where we get the below error:

If anyone can let us know why we are getting these two errors please let us know. Your help will be much appreciated.

Best Regards,
Manish.

Kit Cheong · ‎11-28-2023

When you click "Get OAuth Token" a popup should appear with Workday login screen.
Log in to Workday using the "API client" credentials created in workday for ServiceNow.
You're then taken to a screen with an Allow and Deny button. Click Allow.

Ensure the API client configuration in workday has the redirect URL: https://[your insance].service-now.com/oauth_redirect.do

If you're not getting the Workday login screen when clicking "Get OAuth Token", open the Application Registry [oauth_entity] record in ServiceNow, add this param' to the Authorisation URL: ?redirect=n
E.g. https://x.myworkday.com/[your tennant]/authorize?redirect=n

If none of this works try logging into workday on a new tab using the "API client" credentials, then click "Get OAuth Token" in the ServiceNow tab.

View solution in original post

manish kale · ‎01-04-2024

Hello @ASHU_1 ,

It is the (Username and password) of ISU created in Workday = API Client Credentials.

Kit Cheong · ‎01-30-2024

During the ServiceNow "Get OAuth Token" process, when prompted to log into Workday use the ISU username and password.

Prior to this, when creating the Application Registry record in ServiceNow, use the client id/secret from the "API Client" section of Workday; not the "API Clients for Integrations". In my experience when using the "API Clients for Integrations" Workday does not perform the redirect during the "Get OAuth Token" process.

manish kale · ‎12-26-2023

Hello @Kit Cheong

By following the given steps, we were able to log in to Workday after clicking on the link "Get OAuth Token". And we were also prompted with the dialog box to Eighter Allow or Deny. And even after clicking on the 'Allow button', the error message is still showing up as below:

Could you please let us know what could be going wrong?

ASHU_1 · ‎01-10-2024

@manish kale We are also facing the same issue? were you able to move ahead? So, once the user name and password were provided, there was a small pop up - we selected allow, it then took us to a very basic looking page within Workday (not sure if this is where we have to reach) but back in the ServiceNow screen we got the same error message that you have? Did you find what went wrong and how to resolve?

Someone is saying it could be related to firewall? Some are asking to figure out a dataflow/threat model diagram, or the source/destination servers’ names. (Is this all really related? how to provide this information?)

manish kale · ‎01-15-2024

Hello @ASHU_1

Yes, Our issue was Resolved.
So there are different ways to register Client API in the Workday. So the workday team has to use the general method of Client API registration in the workday and also have to make sure that the workday team has added the Redirect URL from ServiceNow.
Once the above steps are done: the Workday team will provide the new Client ID and Client Secret. Update those in your ServiceNow Application Registry.
And then try getting the Access Token Again from Credentials. - Log into the workday and the error will be gone. Access Token will be received. Hope that helps!