Dynamics Community Forum Thread Details

Customer Self-Service Portal OAuth 2.0 implicit grant flow usage scenarios?

I'm doing some research on customer self-service portal features and came across this: docs.microsoft.com/.../oauth-implicit-grant-flow

From that article, it sounds like this feature can be used by external apps to access the portal and secure those apps with a portal login account, basically extending the portal login as an external identity provider for other apps. Am I understanding that correctly or am I way off track? I'm trying to understand the possible use cases for this feature, does anyone have a better explanation of how it is meant to work and where it might be used?

Thank you!

I actually understand it the other way around. So basically, if you have developed a WebAPI that lives, say on Azure, and you want to call this API from a portal javascript, then you don't need to authenticate with that API directly. You may be able to use the implicit grant flow to get a token from the portal itself and pass it to the API. The reason I think this works is that the portal itself is registered in Azure AD and if you API is also registered in the same AD then it should recognize the token passed to it. This discussion might have something in common with what I'm saying and what you might be looking for

community.dynamics.com/.../call-secured-app-service-web-api-from-crm-dynamics-portal-page

Please update me if you find better explanation as I'm interested to know this as well.

Quick Links

Leaderboard