OAuth 2.0 Authentication using a Certificate

(3) Share

Report

Posted on by LK-05050611-0

Hey,

we are currently trying to authenticate our app to SharePoint using an app registration with a certificate as a secret. In the OAuth 2.0 Codeunit in BC, there are multiple procedures to do so using a certifcate as SecretText and a CertificatePassword as SecretText:

But whatever combination of certificate and password (base64 encoded, .pfx/.p12 format etc.) we try, we dont get a valid access token. The use case is that we want to use the Base Apps SharePoint Integration to get lists or creater items and during initialization you need to authenticate with either a client secret or certificate. In our case we want to do it with a certificate.

Using postman and creating a client assertion with the certificate of the app registration everything works as expected. Does anyone have a clue on how to use a certificate in Business Central?

Kind Regards

I have the same question (0)

All responses (4)

Answers (1)

Suggested answer

Tech-Lucky 1,261 Super User 2025 Season 2 on at

Like (2)

Report
OAuth 2.0 Authentication using a Certificate

As far as I understood the requirment is to Generate a Access Token using codeunit OAuth2 I have been using the same please see the below code this is based on Client ID and Secret:

Here ClientIdTxt , ClientSecretTxt all are global variable as Text labels.

NOTE: App Registation is not the only thing once you generate the client secret and all API permissions have been provided you have to Map it with the application as well like in Business Central we have to define this under Microsoft Entra Applications.

You also mentioned that this works via Postman when using a client assertion. That’s a good sign—it confirms that your certificate and app registration setup are correct in Azure. The issue likely lies in how the certificate is encoded or passed to Business Central.

A few key suggestions:

Ensure the certificate is in .pfx or .p12 format.

Encode the certificate content in base64 (if passing as a text string).

Make sure the certificate password is correct and matches the one used in Azure.

Use the OAuth2 codeunit methods such as GetAccessTokenWithCertificate, and not the ones intended for client secret–based auth.

Was this reply helpful? Yes No
Suggested answer

Gerardo Rentería Ga... 23,574 Most Valuable Professional on at

Like (2)

Report

OAuth 2.0 Authentication using a Certificate

Hi, good day
I hope this can help you, and give you some hints.

Sharepoint Service to Service Authorization. Integration with Business Central. No user permissions.

Best Regards
Gerardo

Was this reply helpful? Yes No
LK-05050611-0 43 on at

Like (3)

Report

OAuth 2.0 Authentication using a Certificate

Hello Gerardo,

thank you very much for the link to the blog post. I installed the demo app in my BC environment and tried to use the certificate based authentication to retreive list items from my sharepoint site.

However I get a 403 Forbidden Error, even tho the app registration does have full access to all sharepoint sites with admin consent granted. As far as I know, getting a 403 Forbidden error means I do get a valid access token, but I am missing permissions. What could be the issue? The app should be able to access everything, no?

Thanks a lot for your help and Kind Regards!

Lasse

Was this reply helpful? Yes No
Verified answer

LK-05050611-0 43 on at

Like (3)

Report

OAuth 2.0 Authentication using a Certificate

Just in case someone needs this information. I solved the problem myself. Using the OAuth 2.0 Codeunit, it is pretty easy to get an access token using a certificate based authentication. However the certificate needs to have a specific format.

You can find more information here: https://learn.microsoft.com/en-us/answers/questions/1308437/issue-the-specified-network-password-is-not-correc

After using the powershell commands from the blog post I could successfully retreive an access token.

Thanks for the replies tho!

Was this reply helpful? Yes No