web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer Service forum / Is it possible to send...
Customer Service forum

Is it possible to send user access token from D365 Crm online?

(0) ShareShare
ReportReport
Posted on by PerMD 5

We are about to use Dynamics 365 CRM online and we are new in this area.

...User is logged in using SSO.

Now to my questions...

Alternative 1 Our solution architect want us to use a LogicApp, triggered by create/update on the contact entity, to pick up the loggedin users user access token and send it as Authorization header with the call to our onprem rest service.

As far as I can see this is not possible as the LogicApp is running in its own process (kind of as a windows service). Am I wrong?

We have been looking into other different options instead;

Alternative 2 We have been looking at using a Plugin but fails to get hold of the user access token. It is possible, though, to get hold of the application access token but that is not good enough for my client. Is it even possible? If possible, does anyone have an example of how it is done?

Alternative 3 We have been looking at using Javascript to trigger a LogicApp using HTTP request but fails on CORS. Would the user access token magically be sent with the call? Is it even possible? If possible, does anyone have an example of how it is done?

Alternative 4 We have been looking at using JavaScript but fails to get hold of the user access token. Is it even possible to do? If possible, does anyone have an example of how it is done?

We know how to get the user access token in a console application after logging in with SSO. And we know how to get the user access token in an ASPNET MVC application. But now... this is Dynamics 365 CRM online.

We need the user access token because we want the user information to be sent to API.

Are there any other options? We have been looking into this for a week or so...

Categories:
Security and Privacy
I have the same question (0)
  • Community Member Profile Picture
    Community Member on at
    RE: Is it possible to send user access token from D365 Crm online?

    Hi,

    First let me clear something , logic apps live on Azure and not in a Windows Process. 

    Second, these kind of integrations are best suited if you can use Azure AD, if you do that, then your users, logic apps and your on-prem service can be authenticated by Azure AD. Now because I don't know the details, my suggestion is a high level one. There are ways to register your onprem API as an "app registration" in Azure AD which makes it accessible by the Logic app without sending tokens in headers. This explains the way to do that https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-custom-api-authentication

  • PerMD Profile Picture
    PerMD 5 on at
    RE: Is it possible to send user access token from D365 Crm online?

    Hi Omar,

    Thanks for your insights.

    Yes, it is true it is no windows process. I just compared the logic app to a windows service in the manner they both run in their own process for the case.

    It was a good example you sent with the link how to access using app registration. I guess that is what we will end up doing.

    Though I have realized that my client is mixing authentication/authorization and tracing of user. We sure can handle the authentication/authorization using azure AD (since thats what we are using and also what you are suggesting). But what they really want is to trace that it is the user sitting in front of the computer, logged in to D365 CRM, that is calling the api.

    I believe that is not possible, right? We cannot grab that users token and send it down the line from D365 CRM -> LogicApp -> onprem API. We need instead to somehow pick up that users id (for tracing purposes) and send it along with the call to our onprem API.

  • Community Member Profile Picture
    Community Member on at
    RE: Is it possible to send user access token from D365 Crm online?

    Hi,

    Thanks for the reply. I imagine if Azure AD is at the center of authentication for the different parts of the process, can't you use it to identify the user for you? Azure AD has an exposed API that does such things (I believe it is called Azure AD Graph API), basically, the part that needs the user info (your on prem API in that case) can ask Azure AD about more user information of that user issuing the request. I don't have a step by step guide for that but from my understanding of the whole process, I think it can be done.

    Also, if you manage to do it, please share it here as I'm interested to know how things ended up implemented :) 

    Thanks

    Omar

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

November Spotlight Star - Khushbu Rajvi

Congratulations to a top community star!

Forum Structure Changes Coming on 11/8!

In our never-ending quest to help the Dynamics 365 Community members get answers faster …

Dynamics 365 Community Platform update – Oct 28

Welcome to the next edition of the Community Platform Update. This is a status …

Leaderboard > Customer Service

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans