Share
Report
60Hi,
My goal is to receive the Access Token programmatically, for this i decided at first to do this through Postman.
I'd like to say that my Business Central app is configured with AAD, so I have all the necessary credentials for future requests:
3) Client secret
At first I'm trying to make Authorization Request to receive Authorization code. As it is written in official Oauth 2.0 documentation, I should use the authorization endpoint URI.
In my case it looks like : https://login.windows.net/{{tenantID}}/oauth2/authorize?response_type=code&client_id={{client_id}}&redirect_uri=https://businesscentral.dynamics.com/{{tenantID}}/Sandbox --- GET
This request successfully returns me an authorization code, which is necessary to request an Access token.
My next step is Access Token Request
It contains of:
grant_type
REQUIRED. Value MUST be set to "authorization_code".
code
REQUIRED. The authorization code received from the
authorization server.
redirect_uri
REQUIRED, if the "redirect_uri" parameter was included in the
authorization request, and their
values MUST be identical.
client_id
REQUIRED, if the client is not authenticating with the
authorization server
Access Token endpoint looks like:
login.microsoftonline.com/.../token --- POST
All necessary parameters are set in the body. But, without the client_secret it returns me:
"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'."
If I set the client secret from AAD it returns me "AADSTS7000215: Invalid client secret is provided"
This client secret works if i use Postman Oauth 2.0 authentication to receive access token, so the reason is not in credentials but in my actions.
Any ideas? Thanks in advance! 
All responses (
Answers (
