Small and medium business | Business Central, N...

Business Central On-Premise Oauth2 Authentication_InvalidCredentials

(0) Share

Report

Posted on by Bram Veldeman

Hello,

I try to set up oauth2.0 on an on-premise deployment of business central (20.0)

I followed some guides:

Using Service to Service Authentication - Business Central | Microsoft Learn

Configuring Business Central for Azure Active Directory authentication and OAuth (2) – Kauffmann @ Dynamics 365 Business Central

OAuth for Business Central On-Premises Service to Service Authentication (andreilungu.com)

When using Oauth2 / authorization code I can succesfully generate a token (after login as a user) and place and api call

However when using oauth2 / client secret (service-to service authentication I can succesfully get a token but get an Authentication_InvalidCredentials error when placing API call

I already checked via decoding the token that the correct roles are included:

Any ideas how I could further analyse this problem?
Brief

- I succesfully receive a token

- Error when placing API call (Authentication_InvalidCredentials)

Thanks for any guidance!

I have the same question (0)

All responses (7)

Answers (0)

Suggested answer

Amit 2,557 on at

Like (0)

Report

Hi,

Refer this

{→Object
“acesstoken”:
         [→Array
                 {
“username”:”abc@gmail.com”,→commas
“password”: “abc@123”,
“client_id”:”TlfvApUIVDUrm1234″,
“client_secret”:”pwSpO2345aONhGHOlaHHPkWp”,
“grant_type”:”password”→Values
}
   ]
}

Regards

Amit Sharma

www.erpconsultors.com

Was this reply helpful? Yes No
Bram Veldeman 5 on at

Like (0)

Report

Hello,

So I need to create a user in Azure AD and use those credentials?

Regards,

Bram

Was this reply helpful? Yes No
Suggested answer

Marco Mels on at

Like (0)

Report

Hello,

Did you also grant consent in the BC application?

Thank you.

Was this reply helpful? Yes No
Bram Veldeman 5 on at

Like (0)

Report

Hello,

Yes I did.

This returned a 'succesfull' reply so that seemed ok.

Regards,

Bram

Was this reply helpful? Yes No
Bram Veldeman 5 on at

Like (0)

Report

Hello,

I tried the suggestion from Amit Sharme but that didn't help

I used the following settings and received a token so that seems ok.

However, when using the token, I receive the same error:

probably this is fixed by the timezone (I'm in GMT Belgium) but the expiration time is 13:42 while I asked the token around 14:10)

Regards,

Bram

Was this reply helpful? Yes No
Suggested answer

Marco Mels on at

Like (1)

Report

Hello,

In Postman you can add the following:

1. Add New collection:

Type: OAUTH 2.0

Add auth data to: Request Headers

Access Tokens: Available Tokens

Header Prefix: Bearer

Token Name: S2S OAUTH2

Grant Type: Authorization Code

Callback Url: {{PublicWebBaseUrl}}/OAuthLanding.htm

Authorize URL: login.microsoftonline.com/.../authorize

Access Token URL: login.microsoftonline.com/.../token

Client ID: {{CLIENTID}}

Client Secret: {CLIENTSECRET}}

Scope: {{SCOPE}} //NOTE THAT {SCOPE}} is a variable defined in postman: https : // api.businesscentral.dynamics.com/.default) (without the additional spaces to prevent reformatting of the url)

Client Authentication: Send client credentials in body

NOTE: add environmental values in Postman and add actual values for SCOPE, ClientID, etc.

In BC210, you need to specify values in ValidAudiences:

Set-NAVServerConfiguration -ServerInstance $ServerInstance -KeyName "ValidAudiences" -KeyValue "api.businesscentral.dynamics.com; {{PublicWebBaseUrl}}; {{CLIENTID}}"

NOTE: replace everything between {{}} with your own values within Set-NavServerConfiguration

2. Then add a tab with "Get" and ensure Type is set to inherit from parent.

https : //{{PUBLICODATABASEURL}}/ODataV4/Company('{{COMPANYNAME}}') //(without the additional spaces)

Result should be like this (example):

{

"@odata.context": "d365bc.melsbergmans.nl:21048/.../$metadata

"Name": "CRONUS International Ltd.",

"timestamp": 152313,

"Evaluation_Company": false,

"Display_Name": "",

"Id": "97bf99d2-d83a-ed11-bbaa-6045bd8e54cb",

"Business_Profile_Id": "",

"SystemCreatedAt": "2022-09-23T00:44:04.9Z",

"SystemCreatedBy": "00000000-0000-0000-0000-000000000001",

"SystemModifiedAt": "2022-09-23T00:44:04.9Z",

"SystemModifiedBy": "00000000-0000-0000-0000-000000000001"

}

Hope it helps.

Was this reply helpful? Yes No
Dobby94 6 on at

Like (0)

Report

Hey Marco,

is it possible to connect to on-prem BC with Postman and OAuth2? And officially supported? Is there a documentation from Microsoft for the settings that Mister Kaufmann writes?

learn.microsoft.com/.../endpoints-apis-for-dynamics

https://www.kauffmann.nl/2022/02/23/configuring-business-central-for-azure-active-directory-authentication-and-oauth-2/

And where does Microsoft write about the on-prem OAuth2.0 configuration, that Mister Kauffmann ist talking about?

Because here Microsoft writes for on-prem only basic auth.

I tried it with on-prem and the settings from you and Mr. Kaufmann and it works.. But is it officialy supported?

Thank you!

best regards,

Robin

Was this reply helpful? Yes No