I'm trying to create an OAuth integration with Workday, but am receiving an Unauthorized Client error. I enabled the API client, got secret and access keys, and configured a redirect URI pointing to my server.
When I visit https://impl.workday.com/myTenant/authorize?response_type=token&client_id=myClientID, I'm brought to a screen to allow this app access to my Workday, I hit accept, and am then redirected to my server. However, when I check my server logs showing the request URL and headers, this is what I'm seeing:
URL: /workday?error=unauthorized_client
Headers: { host: 'localhost:9001',
connection: 'close',
'cache-control': 'max-age=0',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
'sec-fetch-mode': 'navigate',
'sec-fetch-user': '?1',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
'sec-fetch-site': 'cross-site',
referer: 'https://impl.workday.com/wday/authgwy/myTenant/authorize?response_type=token&client_id=myClientID',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-US,en;q=0.9'
}
I expected to receive a header "Location: https://example.com/#access_token=someAccessToken&token_type=Bearer" but am getting the unauthorized client error.
Changing https://impl.workday.com/myTenant/authorize?response_type=token&client_id=myClientID to https://impl.workday.com/myTenant/authorize?response_type=code&client_id=myClientID solved the issue.