OAuth 2.0 connection with Workday

Brian15 · ‎12-09-2021

Has anyone made an OAuth 2.0 connection to their Workday tenant? I am following the Workday HR spoke documentation in order to retrieve a RAAS report. I have the oauth_entity record created using the client id & client secret values provided by Workday.

When I click "Get oauth token", I receive a windows message

If I am logged into my Workday tenant before clicking get token, then Workday opens a new window asking me to allow or deny access to my account. But I don't get an access token back. Also, my Workday account does not have access to the data I need.

My support case on this has been open awhile. Now I am reaching out to Community members to see if anyone has specific experience making an oauth 2.0 connection with Workday.

Thank you, Brian Watkins

Kit Cheong · ‎11-28-2023

When you click "Get OAuth Token" a popup should appear with Workday login screen.
Log in to Workday using the "API client" credentials created in workday for ServiceNow.
You're then taken to a screen with an Allow and Deny button. Click Allow.

Ensure the API client configuration in workday has the redirect URL: https://[your insance].service-now.com/oauth_redirect.do

If you're not getting the Workday login screen when clicking "Get OAuth Token", open the Application Registry [oauth_entity] record in ServiceNow, add this param' to the Authorisation URL: ?redirect=n
E.g. https://x.myworkday.com/[your tennant]/authorize?redirect=n

If none of this works try logging into workday on a new tab using the "API client" credentials, then click "Get OAuth Token" in the ServiceNow tab.

View solution in original post

Maik Skoddow · ‎12-12-2021

Hi @Brian

There is something wrong with your configuration, because "SAM Responses" have nothing to do with OAuth-based authentication.

Do you have the right API URL?

Kind regards
Maik

Brian15 · ‎12-15-2021

Thanks for the response - in accordance with the Workday HR Spoke documentation, the Workday application generated the

authorization endpoint
token endpoint
client id
client secret

In Postman, using grant type=refresh_token I can retrieve a bearer token (access token) then retrieve the Workday data using grant type = bearer token.

In ServiceNow, I am using grant type=Authorization Code and the values provided by Workday. I receive the error when I click "Get oauth token".

Workday has SSO configured through Azure, is there an Azure configuration that needs to change?

Thanks, Brian

Maik Skoddow · ‎12-15-2021

Hi Brian,

again: SSO has nothing to do with your OAuth based authentication. And it would have been nice if you had revealed the detail with the Bearer Token right in the question.

Please see the following article which helped me recently regarding your scenario: https://servicenowthink.wordpress.com/2020/05/15/how-to-authenticate-with-refresh_token-and-bearer-a...

Kind regards
Maik

Maik Skoddow · ‎12-21-2021

Hi @Brian

In case you think I was able to answer your question, I would be happy if you mark the appropriate response as "correct" so that the question will appear as resolved for other users who may have a similar question in the future.

If not, please tell me what you are still missing.

Many thanks & kind regards
Maik