Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Web API: Cannot get OA...
Microsoft Dynamics CRM (Archived)

Web API: Cannot get OAuth working to get Access/Refresh tokens

(0) ShareShare
ReportReport
Posted on by Community Member

Hello.  I'd like to use the Web API to send contacts to various MS Dynamics accounts who have given my web application permission.  I've done this with other CRMs but have been struggling to get started with this on MS Dynamics.

I've created an app in Azure AD as described here.  I've been experimenting with the ADAL code here which calls AcquireToken().  When doing that, I'm prompted to give permission to the app which works, but then after that I get the error message:  AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.

A lot of the code examples for this assume that you have a username and password for the user which I won't have.  When I've done authentication with other CRMs, normally the person is redirected to an OAuth web page where they grant my app permissions, which returns a code I then use to make a separate server call, to obtain access and refresh tokens.  That's what I'd like to do here although I'm open to doing it differently for Dynamics.  If I can get authentication working, my plan is to use the Web API shown here.

Any pointers in the right direction would be very appreciated!

Many thanks,
Ben

*This post is locked for comments

  • Community Member Profile Picture
    Community Member on at
    RE: Web API: Cannot get OAuth working to get Access/Refresh tokens

    Thanks Arun and Ravi for your help.

    I got this resolved.  Most of the articles seem to assume that you have the user's username and password, or that your Azure AAD registered app is in the same Azure organization as the MS Dynamics account.  In my case, I want to get OAuth permissions from someone who is in a different organization without needing their username and password, and without them needing to create any special application users or have to go to much effort.

    Here's my solution in case it helps anyone.

    [1]  In the Azure AAD registered app, in the Authentication section, for "Supported Account Types", I needed to choose "Accounts in any organizational directory".

    [2]  To start the oAuth process, I redirect the person to this URL (of course client_id, resource and redirect_uri need to be updated to your own values):

    login.microsoftonline.com/.../authorize;response_type=code&response_mode=query&resource=https%3A%2F%2Fsomeorg.crm11.dynamics.com&scope=openid%20offline_access&redirect_uri=https%3A%2F%2Fwww.example.com%2F&state=xxxxx

    If the person gives consent, Microsoft will redirect to the redirect_uri with the "code" in the URL, e.g. www.example.com?code=xxxx

    After that, Access and Refresh tokens can be retrieved following the instructions here docs.microsoft.com/.../v1-protocols-oauth-code where an HTTP POST is made on the server to https://login.microsoftonline.com/common/oauth2/token asking for an access token ("grant_type=authorization_code").

    Thanks again for your help.

    Ben

  • Suggested answer
    RaviKashyap Profile Picture
    RaviKashyap 55,410 Moderator on at
    RE: Web API: Cannot get OAuth working to get Access/Refresh tokens

    Hi Ben,

    Refer this blog: carldesouza.com/dynamics-365-webapi-and-c-configuring-sample-code

    Extract from this related to the error message you are getting:

    "Note if you see the messages:

    “The request body must contain the following parameter: ‘client_secret or client_assertion” or “The user or administrator has not consented to use the application with ID ‘*****’ named ‘*****’. Send an interactive authorization request for this user and resource”, ensure you are using the application id as the client id, and ensure delegated permissions in your Azure app as well as clicked Grant Permissions."

    Hope this helps

  • Suggested answer
    Arun Vinoth Profile Picture
    Arun Vinoth 11,615 on at
    RE: Web API: Cannot get OAuth working to get Access/Refresh tokens

    You have to get Client Id & secret from Azure AAD registered app to use while authenticating to get token. Or SAML assertion.

    Your code should look like discussed here: stackoverflow.com/.../7920473

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Daivat Vartak – Community Spotlight

We are honored to recognize Daivat Vartak as our March 2025 Community…

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Kudos to the February Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 292,516 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 231,430 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans