- Steps for Authentication
- Authentication Sequence : code
- Authentication Sequence : code_direct
- Authentication Sequence : remove
Steps for Authentication
When authenticating an app using the OAuth API, the Process differs depending on the value specified for response_type.
For response_type, any of “code,” “code_direct,” or “remove” must be specified. The following describes each of these Processes.
For details on the other Parameters, see OAuth.
Authentication Sequence : code
The procedure for authenticating an app using a Web browser is shown below. (response_type=code)
When accessing the Resource of the Company DB for the first time, access to the DB must be granted in advance by accessing it with response_type=code specified for authentication.
Also, in the case of an app that is used from the HRBC apps list, such as a third-party app, authentication is required with response_type=code specified.
For an app that has already been activated, granting access to the DB is completed in most cases, so the procedure for granting access is omitted and the procedure for issuing a code will start.
Authentication Sequence : code_direct
The authentication procedure for operation using an app server alone is shown below. (response_type=code_direct)
Note that before performing authentication with response_type=code_direct, access to the Company DB that is to be accessed must be granted in advance using response_type=code.
Authentication Sequence : remove
When terminating the use of the app, the procedure for removing access privilege to the Company DB must be performed.
Especially for development of third-party apps, users are expected to be able to terminate the use of such apps from the HRBC apps list as desired.