Expand my Community achievements bar.

Questions regarding OAuth2 M2M authentication

Avatar

Level 1

Workfront OAuth2 M2M flow essentially creates a session ID bound to the user that created the app integration within Workfront using the UI. 

I'm looking to provide the external app with an authentication method that it can use indefinitely with no maintenance. So I have a few questions:

 

1. Will the external app be able to authenticate if the user password expires?

2. Will the external app be able to authenticate if the user is disabled in Workfront (not deleted)?

3. Is the only requirement for this authentication to work that the user who created the integration continues to exist in Workfront?

4. Does Event Subscriptions API support this authentication method or is it required to still authenticate those requests with the API Key?

1 Reply

Avatar

Level 1

I got an answer from engineering support.

1. Yes

2. No, the user needs to be active

3. Yes

4. Yes. Make sure you use sessionId as the authentication header, eg:

sessionId: <access-token>