
No User Interaction Authentication flow for Brightspace API Desire2Learn


I am attempting to create an integration to the Brightspace API but I am having trouble finding the ability to do a server-to-server integration. Are there any authentication methods available to use the API without a user interaction step?

I noticed there is OAuth 2 available but only the authorization code flow. Is there a way to use the client_credentials flow? There is a setting for not prompting for user consent but I don't think that is taking away the need for the interaction.

Brightspace Documentation: https://docs.valence.desire2learn.com/basic/oauth2.html


Solution

  • You are correct, the only OAuth2 flows available to third party integrations with Brightspace are the Authorization Code Flow and the Refresh Token flow. Brightspace doesn't offer third parties the ability to use the Client Credentials Grant flow (an exception to this situation is integrations done via the 1EdTech Learning Tools Interoperability (LTI) software standard).

    The general pattern recommended is to design the headless app to allow an administrator to walk through a manual auth workflow once to capture an access token and a refresh token; then, the app can use the refresh token workflow headlessly going forward to keep its access alive. While access tokens for Brightspace are short lived (measured in minutes), refresh tokens are long-lived (measured in days or weeks), so as long as your app runs every day or so, the refresh token workflow pattern can be used to preserve system access to Brightspace.
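The headless half of the pattern described in this answer, as an added example (not code from the answer or from Brightspace): a refresh step per RFC 6749 section 6 that persists a rotated refresh token atomically in an owner-only file. It assumes the one-time manual authorization already wrote a JSON file containing `refresh_token`; `TOKEN_URL` is a placeholder, and the function names, file layout and use of HTTP Basic client authentication are assumptions of this sketch.

```python
import base64, json, os, tempfile, urllib.parse, urllib.request

# Placeholder: substitute the token endpoint given in the Brightspace OAuth 2.0 docs.
TOKEN_URL = "https://auth.example.invalid/token"

def http_post(url, headers, body):
    """Default transport: POST form data and return the parsed JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def save_tokens(path, tokens):
    """Write the token file atomically; mkstemp creates it with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(tokens, f)
        os.replace(tmp, path)  # atomic swap: a crash never leaves a half-written file
    except BaseException:
        os.unlink(tmp)
        raise

def refresh(path, client_id, client_secret, post=http_post, token_url=TOKEN_URL):
    """Trade the stored refresh token for a new access token (RFC 6749 section 6)."""
    with open(path) as f:
        stored = json.load(f)
    # Client authentication via HTTP Basic (RFC 6749 section 2.3.1), assumed here.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "refresh_token",
                                   "refresh_token": stored["refresh_token"]}).encode()
    reply = post(token_url, headers, body)
    if "access_token" not in reply:
        # Report only the OAuth error code; never put token values in messages or logs.
        raise RuntimeError("refresh failed: " + str(reply.get("error", "unknown")))
    # The server may issue a new refresh token and retire the old one, so persist
    # the replacement before the access token is used for anything.
    stored["refresh_token"] = reply.get("refresh_token", stored["refresh_token"])
    save_tokens(path, stored)
    return reply["access_token"]
```

A failed refresh leaves the stored file untouched, so the job can alert an administrator to repeat the manual authorization instead of silently losing access.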