Hi all, I'm having trouble using the access token to access Dynamics Web APIs such as using an endpoint to create an Account or Incident entity. I have tried both the v1 and v2 versions of OAuth and have tried setting various permissions in the app registration and playing around with different scope parameter values in my request, but to no avail. Any help would be greatly appreciated.
I have already registered a Web/API application in the Azure portal and have subsequently followed the instructions found in "Microsoft identity platform and OAuth 2.0 authorization code flow" to generate an access token.
Here's my HTTP request to get the initial auth code:
// Step 1: build the v2 authorize URL (RequestUtil is my own query-string helper)
String authUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
authUrl = RequestUtil.addQueryParameter(authUrl, "client_id", DYNAMICS_CLIENT_ID.get());
authUrl = RequestUtil.addQueryParameter(authUrl, "redirect_uri", "localhost/.../dynamicsoauthcallback");
authUrl = RequestUtil.addQueryParameter(authUrl, "scope", "openid offline_access https://admin.services.crm.dynamics.com/user_impersonation");
// have also tried setting https://yexttest.api.crm.dynamics.com/ as the "resource" parameter value in V1 of OAuth
authUrl = RequestUtil.addQueryParameter(authUrl, "state", "12345"); // anti-CSRF value, echoed back on the redirect
authUrl = RequestUtil.addQueryParameter(authUrl, "response_type", "code");
authUrl = RequestUtil.addQueryParameter(authUrl, "response_mode", "query");
Here's my follow-up call using the returned auth code to get an access token:
// Step 2: exchange the returned code for tokens; exchangeTokenUrl is the token endpoint
// matching the authorize endpoint above (RequestBuilder is my own HTTP helper)
String response = RequestBuilder.forUrl(exchangeTokenUrl)
    .addHeader("Content-Type", "application/x-www-form-urlencoded")
    .addPostParam("client_id", app.clientId())
    .addPostParam("client_secret", app.clientSecret())
    .addPostParam("grant_type", "authorization_code")
    .addPostParam("redirect_uri", app.redirectUrl())
    .addPostParam("scope", "openid offline_access admin.services.crm.dynamics.com/user_impersonation")
    // also tried for V1: .addPostParam("resource", "yexttest.api.crm.dynamics.com/.../v9.1")
    .addPostParam("code", authCode)
    .stringPostRequest();
The response I received is valid and I can successfully obtain both the access token and the refresh token.
Now here's the issue: I'm unable to use the access token to make any calls to the Dynamics CRM:
Example:
GET /api/data/v9.1/incidents? HTTP/1.1
Host: yexttest.api.crm.dynamics.com
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFEQ29NcGpK....
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
=========================================================
Response:
HTTP Error 401 - Unauthorized: Access is denied
Looking closely at the response headers, this is what I noticed:
WWW-Authenticate: Bearer error=invalid_token, error_description=Error during token validation!, authorization_uri=login.microsoftonline.com/.../authorize, resource_id=yexttest.api.crm.dynamics.com
Can someone please explain why my validation is failing? Am I using the correct OAuth flow for authentication (I read online somewhere that doing the client credentials grant flow worked for some people)? Are there any special configurations I need to set up for my Dynamics Instance at https://yexttest.api.crm.dynamics.com/?
Thank you very much!!!
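As an added example (not part of the original post and not the poster's code), here is a small Python diagnostic for the 401 above. It builds the same authorize URL and token-request body the post uses, parses the WWW-Authenticate challenge the API returned, and decodes the access token's claims without verifying the signature so that its aud can be compared with the resource_id the API advertised. A bearer token is validated against the audience it was issued for, so a token whose aud names a different host than the API being called fails validation no matter what permissions are granted on the app registration; checking this is the first step before touching scopes or flows. The two JWTs, the challenge string, the client id, secret and redirect URI are constructed placeholders; nothing here is a real token.

```python
import base64
import json
from urllib.parse import urlencode, urlparse

# Same v2 authorize endpoint the post uses.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"


def build_authorize_url(client_id, redirect_uri, scope, state):
    """Step 1 of the authorization-code flow: the same query parameters as the post."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,            # space-separated; urlencode turns spaces into '+'
        "state": state,            # anti-CSRF value, echoed back on the redirect
        "response_type": "code",
        "response_mode": "query",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def build_token_request_body(client_id, client_secret, redirect_uri, scope, code):
    """Step 2: form body POSTed to the token endpoint (application/x-www-form-urlencoded)."""
    return urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "code": code,
    })


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token):
    """Return the claims of a compact JWT WITHOUT verifying its signature.
    Only for inspecting a token you already hold; never use this to accept one."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def parse_www_authenticate(header):
    """Split 'Bearer k=v, k=v, ...' into (scheme, {k: v}); values may be unquoted."""
    scheme, _, rest = header.strip().partition(" ")
    fields = {}
    for part in rest.split(","):
        key, _, value = part.strip().partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return scheme, fields


def _host(value):
    # Normalise 'https://x/' and bare 'x' to the same hostname for comparison.
    if "://" not in value:
        value = "https://" + value
    return (urlparse(value).hostname or "").lower()


def audience_matches(token, resource_id):
    """True when the token's aud claim names the host the API advertised as resource_id."""
    aud = decode_jwt_payload(token).get("aud", "")
    audiences = aud if isinstance(aud, list) else [aud]
    return any(_host(a) == _host(resource_id) for a in audiences)


def diagnose(token, www_authenticate):
    """What the API says it expects (resource_id) next to what the token says it is for (aud)."""
    scheme, fields = parse_www_authenticate(www_authenticate)
    resource_id = fields.get("resource_id", "")
    return {
        "scheme": scheme,
        "error": fields.get("error"),
        "expected_resource": resource_id,
        "token_aud": decode_jwt_payload(token).get("aud"),
        "audience_ok": audience_matches(token, resource_id),
    }


# --- constructed sample data: alg 'none' tokens with an empty signature, for this demo only ---
def _unsigned_jwt(claims):
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


CHALLENGE = ("Bearer error=invalid_token, error_description=Error during token validation!, "
             "authorization_uri=login.microsoftonline.com/.../authorize, "
             "resource_id=yexttest.api.crm.dynamics.com")
TOKEN_FOR_ADMIN_API = _unsigned_jwt({"aud": "https://admin.services.crm.dynamics.com", "scp": "user_impersonation"})
TOKEN_FOR_ORG_API = _unsigned_jwt({"aud": "https://yexttest.api.crm.dynamics.com", "scp": "user_impersonation"})

if __name__ == "__main__":
    print(build_authorize_url("<client-id>", "http://localhost/callback", "openid offline_access", "12345"))
    for label, tok in (("admin-api token", TOKEN_FOR_ADMIN_API), ("org-api token", TOKEN_FOR_ORG_API)):
        print(label, diagnose(tok, CHALLENGE))
```

Run it as-is and the two diagnoses show an audience that does not match the advertised resource_id and one that does; to check a real token, paste it in place of one of the sample constants and the WWW-Authenticate value from your own 401 in place of CHALLENGE. The decode step deliberately skips signature verification because the goal is to read your own token, not to trust one presented by someone else.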