D365 V8.2 On Premises ADFS 4.0 OAuth 2.0 token missing claims information

(0) Share

Report

Posted on by Devashish Bajpai

Hello,

My current setup includes D365 V8.2 On Premises , ADFS 4.0. I am trying to generate a OAuth 2.0 token for accessing WebAPI. For doing so u have created an Application Group and setup appropriate rules. I am using postman to get the OAuth Token.

i am following this blog to generate the token

https://www.cloudriven.fi/en/cloud-9-videos/how-to-do-a-dynamics-365-web-api-request-using-oauth2/

Following is my setting as it appears on postman

This provides me an access token as well however when i try to examine the token on jwt.io i can see that claim information is missing. Also i have noted that "aud" in the token is set to"urn:microsoft:userinfo" which should have been the resource i am trying to access.

Without claim information the CRM WebAPI calls return 401 authorised. Any help in this regard will be much appreciated.

*This post is locked for comments

I have the same question (0)

All responses (6)

Answers (1)

Shaner 35 on at

Like (0)

Report

I'm having this exact issue. Would love to know if anyone has got a solution.

Edit: I'n my case I'm using a Grant Type of Password, and its still not working. You may want to try OP as I think to get the claim you will have to pass a user credential.

Was this reply helpful? Yes No
Suggested answer

Kokulan 18,054 on at

Like (0)

Report

Hi

Please have look at these links

medium.com/.../the-mystery-of-the-missing-adfs-jwt-claims-7658d9cdeaac

nzpcmad.blogspot.com/.../adfs-adfs-40-with-spa.html

Hope these help

Was this reply helpful? Yes No
Verified answer

Shaner 35 on at

Like (0)

Report

I don't think you can get a claim using Postman because you need to add to the request body.

Using Fiddler and its composer I'm now getting the claim with the token.

Follow the video, ensuring the claims configured for the Application Group.

Fiddler:

POST: https://your.auth.server/adfs/oauth2/token

Header:

Content-Type: application/x-www-form-urlencoded

Body (I've separated it so its easy to read but paste it as a single line):

grant_type=password
&username=domain%5Cuser
&password=XXXXXXXX
&scope=openid
&client_id=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
&client_secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
&response_mode=form_post
&https://your.crm.local/crm/api/data/v8.2/

If you have an IFD then use this format:

&resource=https://your.crm.com/api/data/v8.2/

Results:

https://jwt.io/

Was this reply helpful? Yes No
Misael Pérez 100 on at

Like (0)

Report

Hi, Did you were able to find a soluiton? Im facing the same issue (also tried the verified response, but no luck).

Thanks,

Misael

Was this reply helpful? Yes No
Shaner 35 on at

Like (0)

Report

Follow the instructions in the video. Use Fiddler or SoapUI to test so that you can set the body of the request. Make sure you include all of the parameters. Inspect the response in https://jwt.io for the claim.

Was this reply helpful? Yes No
Suggested answer

Community Member on at

Like (0)

Report

Please check this:- https://jkdynamicscrm.blogspot.com/2021/06/blog-post.html

Do not forget to register claims; while creating the client and secret Id's.

Please verify if this is valid answer. Thanks!

Was this reply helpful? Yes No