Finance | Project Operations, Human Resources, ...

OAuth2 flow and AAD MSAL configuration for mobile app integration with F&O

(0) Share

Report

Posted on by Pete Alberts

3,542

Hi folks

I am building an ionic app (not my decision) that needs to integrate with F&O.

I have spent an eternity to try and figure out how, what and where to do the auth part to AX. I don't want to implement some sort of middleware - I want to integrate directly to a user selected F&O environment.

Has anyone done this?

I am specifically interested in:

The Auth flow to use.
The configuration on AAD.

Thanks for your attention

I have the same question (0)

All responses (4)

Answers (0)

vinitgoyal2005 6,332 on at

Like (1)

Report

Hi Pete,

I don't know anything about ionic app, so don't know if my suggestion will apply. but giving it a try.

But for any integration scenarios, I worked had 1 thing in common. For authentication, Create a web app in Azure AAD and add the client id of this app in D 365. you can then create a token and then use it for authentication. you can check the documentation here: docs.microsoft.com/.../third-party-service-test

Was this reply helpful? Yes No
Suggested answer

Pete Alberts 3,542 on at

Like (0)

Report
Thanks Vinit

Yes I have used that many times - this was different for me because it is "mobile". I managed in the end. I think most of the reasons that I was struggling was because I am not (maybe "was not") a mobile dev.

The process to get this done is simple if you know what you are doing, but very complex if you don't (which was my case). I can't type it all out. But some direct answers to my own questions:

Use the Authorization Code flow

AAD config: Do the "mobile and desktop applications" platform. It is not necessary to set Default Client Type to public. It is not relevant to create a client secret. And you need delegated permissions to AX.

Do not use MSAL. MSAL.js does not support Auth Code flow.

Was this reply helpful? Yes No
Suggested answer

Pete Alberts 3,542 on at

Like (0)

Report
Further

You can't test on a browser - because of CORS. CORS won't be an issue on mobile (can be ignored).

The auth request has exactly 3 mandatory parameters: client_id, response_type and resource

The access token request has exactly 4 mandatory body-items: client_id, code (from auth request), grant_type and resource

You'll most likely have more than one redirect_uri, which means you'll have to add it to both requests.

If it isn't working with those parameters/body-items then there is a problem with your setup. Don't add more (there are a ton of options).

"No P3P policy" error isn't something strange - it simply means not authorized. Wrong setup or wrong requests.

Was this reply helpful? Yes No
daveywc 5 on at

Like (0)

Report

MSAL 2.0 supports Auth Code flow

Was this reply helpful? Yes No

Join the conversation

Community site session details

OAuth2 flow and AAD MSAL configuration for mobile app integration with F&O

Helpful resources

Quick Links

Responsible AI policies

Neeraj Kumar – Community Spotlight

Congratulations to the November Top 10 Community Leaders!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

Featured topics

Product updates

Community site session details

OAuth2 flow and AAD MSAL configuration for mobile app integration with F&O

Helpful resources

Quick Links

Responsible AI policies

Neeraj Kumar – Community Spotlight

Congratulations to the November Top 10 Community Leaders!

Subscribe to this forum!

Select categories

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

Featured topics

Product updates