I want to access a rest webservice hosted in a salesforce org from another Salesforce org. I am using the web server flow for authentication. When hitting the authorisation URL, I am redirected to a login page and after login, remote authorisation page appears requiring the user to allow/deny access. I somehow want to skip this login and approval when I access the web service next time. Is this possible?
Best Answer
I'm open to correction here, but I think the appropriate flow to use for this situation is the OAuth 2.0 JWT Bearer Token Flow.
For this flow, you make a HTTP request to https://login.salesforce.com/services/oauth2/token from your Apex code including a username and a Salesforce "Connected App" consumer key. This request is signed using the RSA-SHA256 algorithm and a cert you create in the requesting org. A copy of that signing certificate is also uploaded to the "Connected App" definition in the remote org (whose consumer key is the one in the request) where it is used to verify the request.
This flow relies on the signature information matching and so does not need a web page presenting for the password to be entered. So it can be executed solely through server to server interaction.
Note that I'm working on this right now so have no long term experience with it. Its somewhat awkward to get working.