Skip to main content

Notifications

Announcements

No record found.

Small and medium business | Business Central, N...
Suggested answer

Business Central On-Premise Oauth2 Authentication_InvalidCredentials

(0) ShareShare
ReportReport
Posted on by 5

Hello,

I try to set up oauth2.0 on an on-premise deployment of business central (20.0)

I followed some guides:

Using Service to Service Authentication - Business Central | Microsoft Learn

Configuring Business Central for Azure Active Directory authentication and OAuth (2) – Kauffmann @ Dynamics 365 Business Central

OAuth for Business Central On-Premises Service to Service Authentication (andreilungu.com)

When using Oauth2 / authorization code I can succesfully generate a token (after login as a user) and place and api call

pastedimage1665080018751v2.png

However when using oauth2 / client secret (service-to service authentication I can succesfully get a token but get an Authentication_InvalidCredentials error when placing API call

pastedimage1665080191587v3.png

pastedimage1665079983536v1.png

I already checked via decoding the token that the correct roles are included:

pastedimage1665080260793v4.png

Any ideas how I could further analyse this problem? 
Brief

- I succesfully receive a token

- Error when placing API call (Authentication_InvalidCredentials)

Thanks for any guidance! 

  • Dobby94 Profile Picture
    Dobby94 2 on at
    RE: Business Central On-Premise Oauth2 Authentication_InvalidCredentials

    Hey Marco,

    is it possible to connect to on-prem BC with Postman and OAuth2? And officially supported? Is there a documentation from Microsoft for the settings that Mister Kaufmann writes?

    learn.microsoft.com/.../endpoints-apis-for-dynamics

    https://www.kauffmann.nl/2022/02/23/configuring-business-central-for-azure-active-directory-authentication-and-oauth-2/

    And where does Microsoft write about the on-prem OAuth2.0 configuration, that Mister Kauffmann ist talking about?

    Because here Microsoft writes for on-prem only basic auth.

    I tried it with on-prem and the settings from you and Mr. Kaufmann and it works.. But is it officialy supported?

    Thank you!

    best regards,

    Robin

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Business Central On-Premise Oauth2 Authentication_InvalidCredentials

    Hello,

    In Postman you can add the following:

    1. Add New collection:

    Type: OAUTH 2.0

    Add auth data to: Request Headers

    Access Tokens: Available Tokens

    Header Prefix: Bearer

    Token Name: S2S OAUTH2

    Grant Type: Authorization Code

    Callback Url: {{PublicWebBaseUrl}}/OAuthLanding.htm

    Authorize URL: login.microsoftonline.com/.../authorize

    Access Token URL: login.microsoftonline.com/.../token

    Client ID: {{CLIENTID}}

    Client Secret: {CLIENTSECRET}}

    Scope: {{SCOPE}}  //NOTE THAT {SCOPE}} is a variable defined in postman: https : // api.businesscentral.dynamics.com/.default) (without the additional spaces to prevent reformatting of the url)

    Client Authentication: Send client credentials in body

    NOTE: add environmental values in Postman and add actual values for SCOPE, ClientID, etc.

    In BC210, you need to specify values in ValidAudiences:

    Set-NAVServerConfiguration -ServerInstance $ServerInstance -KeyName "ValidAudiences" -KeyValue "api.businesscentral.dynamics.com; {{PublicWebBaseUrl}}; {{CLIENTID}}"

    NOTE: replace everything between {{}} with your own values within Set-NavServerConfiguration

    2. Then add a tab with "Get" and ensure Type is set to inherit from parent.

    https : //{{PUBLICODATABASEURL}}/ODataV4/Company('{{COMPANYNAME}}') //(without the additional spaces)

    Result should be like this (example):

    {

       "@odata.context": "d365bc.melsbergmans.nl:21048/.../$metadata

       "Name": "CRONUS International Ltd.",

       "timestamp": 152313,

       "Evaluation_Company": false,

       "Display_Name": "",

       "Id": "97bf99d2-d83a-ed11-bbaa-6045bd8e54cb",

       "Business_Profile_Id": "",

       "SystemCreatedAt": "2022-09-23T00:44:04.9Z",

       "SystemCreatedBy": "00000000-0000-0000-0000-000000000001",

       "SystemModifiedAt": "2022-09-23T00:44:04.9Z",

       "SystemModifiedBy": "00000000-0000-0000-0000-000000000001"

    }

    Hope it helps.

  • Bram Veldeman Profile Picture
    Bram Veldeman 5 on at
    RE: Business Central On-Premise Oauth2 Authentication_InvalidCredentials

    Hello,

    I tried the suggestion from Amit Sharme but that didn't help

    I used the following settings and received a token so that seems ok.

    pastedimage1665145224874v1.png

    However, when using the token, I receive the same error:

    pastedimage1665145306741v2.png

    probably this is fixed by the timezone (I'm in GMT Belgium) but the expiration time is 13:42 while I asked the token around 14:10)

    pastedimage1665145401334v3.png

    Regards,

    Bram

  • Bram Veldeman Profile Picture
    Bram Veldeman 5 on at
    RE: Business Central On-Premise Oauth2 Authentication_InvalidCredentials

    Hello,

    Yes I did.

    This returned a 'succesfull' reply so that seemed ok. 

    Regards,

    Bram

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Business Central On-Premise Oauth2 Authentication_InvalidCredentials

    Hello,

    Did you also grant consent in the BC application?

    Thank you.

  • Bram Veldeman Profile Picture
    Bram Veldeman 5 on at
    RE: Business Central On-Premise Oauth2 Authentication_InvalidCredentials

    Hello,

    So I need to create a user in Azure AD and use those credentials?


    Regards,

    Bram

  • Suggested answer
    Amit_Sharma Profile Picture
    Amit_Sharma 2,545 on at
    RE: Business Central On-Premise Oauth2 Authentication_InvalidCredentials

    Hi,

    Refer this

    {→Object
    “acesstoken”:
             [→Array
                     {
    “username”:”abc@gmail.com”,→commas
    “password”: “abc@123”,
    “client_id”:”TlfvApUIVDUrm1234″,
    “client_secret”:”pwSpO2345aONhGHOlaHHPkWp”,
    “grant_type”:”password”→Values
    }
       ]
    }

    Regards

    Amit Sharma

    www.erpconsultors.com

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December

Congratulations to our December super stars! 🥳

Start Your Super User Journey

Join the ranks of our community heros! 🦹

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,759 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,468 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans