web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Web API: Cannot get OA...
Microsoft Dynamics CRM (Archived)

Web API: Cannot get OAuth working to get Access/Refresh tokens

(0) ShareShare
ReportReport
Posted on by Community Member

Hello.  I'd like to use the Web API to send contacts to various MS Dynamics accounts who have given my web application permission.  I've done this with other CRMs but have been struggling to get started with this on MS Dynamics.

I've created an app in Azure AD as described here.  I've been experimenting with the ADAL code here which calls AcquireToken().  When doing that, I'm prompted to give permission to the app which works, but then after that I get the error message:  AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.

A lot of the code examples for this assume that you have a username and password for the user which I won't have.  When I've done authentication with other CRMs, normally the person is redirected to an OAuth web page where they grant my app permissions, which returns a code I then use to make a separate server call, to obtain access and refresh tokens.  That's what I'd like to do here although I'm open to doing it differently for Dynamics.  If I can get authentication working, my plan is to use the Web API shown here.

Any pointers in the right direction would be very appreciated!

Many thanks,
Ben

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Arun Vinoth Profile Picture
    Arun Vinoth 11,615 Moderator on at
    RE: Web API: Cannot get OAuth working to get Access/Refresh tokens

    You have to get Client Id & secret from Azure AAD registered app to use while authenticating to get token. Or SAML assertion.

    Your code should look like discussed here: stackoverflow.com/.../7920473

  • Suggested answer
    RaviKashyap Profile Picture
    RaviKashyap 55,410 Moderator on at
    RE: Web API: Cannot get OAuth working to get Access/Refresh tokens

    Hi Ben,

    Refer this blog: carldesouza.com/dynamics-365-webapi-and-c-configuring-sample-code

    Extract from this related to the error message you are getting:

    "Note if you see the messages:

    “The request body must contain the following parameter: ‘client_secret or client_assertion” or “The user or administrator has not consented to use the application with ID ‘*****’ named ‘*****’. Send an interactive authorization request for this user and resource”, ensure you are using the application id as the client id, and ensure delegated permissions in your Azure app as well as clicked Grant Permissions."

    Hope this helps

  • Community Member Profile Picture
    Community Member on at
    RE: Web API: Cannot get OAuth working to get Access/Refresh tokens

    Thanks Arun and Ravi for your help.

    I got this resolved.  Most of the articles seem to assume that you have the user's username and password, or that your Azure AAD registered app is in the same Azure organization as the MS Dynamics account.  In my case, I want to get OAuth permissions from someone who is in a different organization without needing their username and password, and without them needing to create any special application users or have to go to much effort.

    Here's my solution in case it helps anyone.

    [1]  In the Azure AAD registered app, in the Authentication section, for "Supported Account Types", I needed to choose "Accounts in any organizational directory".

    [2]  To start the oAuth process, I redirect the person to this URL (of course client_id, resource and redirect_uri need to be updated to your own values):

    login.microsoftonline.com/.../authorize;response_type=code&response_mode=query&resource=https%3A%2F%2Fsomeorg.crm11.dynamics.com&scope=openid%20offline_access&redirect_uri=https%3A%2F%2Fwww.example.com%2F&state=xxxxx

    If the person gives consent, Microsoft will redirect to the redirect_uri with the "code" in the URL, e.g. www.example.com?code=xxxx

    After that, Access and Refresh tokens can be retrieved following the instructions here docs.microsoft.com/.../v1-protocols-oauth-code where an HTTP POST is made on the server to https://login.microsoftonline.com/common/oauth2/token asking for an access token ("grant_type=authorization_code").

    Thanks again for your help.

    Ben

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
HR-09070029-0 Profile Picture

HR-09070029-0 2

#1
UllrSki Profile Picture

UllrSki 2

#3
ED-30091530-0 Profile Picture

ED-30091530-0 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans