web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM 2013 SDK OAuth 2.0
Microsoft Dynamics CRM (Archived)

CRM 2013 SDK OAuth 2.0

(0) ShareShare
ReportReport
Posted on by Clint Sowell 205

The latest version of the SDK touts that it now supports OAuth 2.0 for authentication with the online web services.  However, it does not include any sample code, only some vague references and a walk-through for how to register your app with Active Directory.  I did find this blog that gives a high level overview, but no code examples:

blogs.msdn.com/.../use-oauth-to-authenticate-with-the-crm-service.aspx

I would like to interface with our online CRM deployment via JavaScript, so I have investigated this pretty thoroughly.  Basically, we have and external facing website that is already used to enter leads into our current system.  We'd like to keep this site and just feed the leads into CRM instead of our existing system.  Since we are rolling out branches, one at a time, the goal would be to have a config setting.  And, when a branch "goes live" we'd flip that setting for that branch, and their data would begin feeding into CRM.

So far, I was able get my app registered with CRM and generate my client id.  Then using an open source JavaScript OAuth 2.0 client (jso.js), I was able to code an example for requesting a token.  When I run the example, it brings up the Sign-In page.  I enter my credentials, and it authenticates me.  But, then it goes to another page:

Sign in

needs permission to:

You're signed in as: <removed>

Organization:

Application published by:

You should grant permission only if you trust the application publisher with your data, and if you selected this application from a store or site you trust. Ask your admin if you're not sure about granting permission.

OK No thanks

As you can see, there are no permissions there to grant.  Also, the organization and published by are blank for some reason as well.  If I click "OK" then I get an error:

Sign In

Sorry, but we’re having trouble signing you in.

Something went wrong.

Additional technical information:

Correlation ID: 84d8c02f-1c21-46bf-8a82-eda4785e30d4

Timestamp: 2014-05-07 21:19:25Z

AADSTS50000: There was an error issuing a token.

So, I'm kind of stuck at this point.  I can't get the token, which means I then can't make any subsequent web service calls to either the SOAP or REST end points.  Has anyone else had any experience with this, or is anyone aware of any available sample code?  Any help would be appreciated.

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    jlattimer Profile Picture
    jlattimer 24,562 on at

    I haven't used OAuth/REST to work with CRM externally but if you're looking to work with the SOAP endpoint you can take a look at a couple blog posts I did on authenticating SOAP requests via JavaScript.

    SOAP Authentication to CRM On Premise (ADFS) using JavaScript

    SOAP Authentication to CRM Online using JavaScript

  • Clint Sowell Profile Picture
    Clint Sowell 205 on at

    Thanks for your reply.  My first attempt was actually using SOAP with the example from your blog, and I actually posted a comment to your blog outlining the cross-domain issues that I encountered using that approach.  I was not able to solve that problem, so I moved on to trying the OAuth approach.  I coded up your example almost exactly, just plugging in my specific url, username, and password.  But, I got the following error whenever I tried to execute it:

    "XMLHttpRequest cannot load login.microsoftonline.com/RST2.srf. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:43927' is therefore not allowed access."

  • thuld Profile Picture
    thuld on at

    Hi,

    I assume you would create a security problem with this approach:

    - On that external web-site everyone could execute JavaScript (via the console) that live-queries you CRM system.

    - Even in case you limit the permissions to only create lead records, someone could execute your code in a loop and creates 100.000 leads in your system.

  • jlattimer Profile Picture
    jlattimer 24,562 on at

    It depends on the implementation. Obviously if you connect JavaScript directly to CRM you could run into the issue of someone dumping bad data into your system - not to mention you can't truly obscure the credentials you are using with a strictly JavaScript approach. But if you are using JavaScript in a more controlled fashion, as as example an internal application or you build in your own login in page like in a mobile application the risks aren't as high.

  • thuld Profile Picture
    thuld on at

    @Jason: You are right, there might be use-cases where client-side JavaScript is a valid option for CRM operations. But even for internal side, is it possible that someone miss-uses the code.

    Based on you blog I started a new project on GitHub for an Node.js module that access Dynamics CRM, maybe you could join?

    github.com/.../XrmNodeKit

  • jlattimer Profile Picture
    jlattimer 24,562 on at

    I'll keep an eye on it :)

  • prgtrdr Profile Picture
    prgtrdr 35 on at

    Clint,

    I also tried Jason's code and got the same result that you did, i.e, www://login.microsoftonline.com/RST2.srf does not set the Access-Control-Allow-Origin header so the browser will not permit access to the response due to CORS problem.  I wonder how he got it to work?

    Have you figured out the answer to using OAuth instead?  I would like to be able to access CRM Online from JS.

    Thanks,

    Bill

  • Clint Sowell Profile Picture
    Clint Sowell 205 on at

    Unfortunately, no I never got passed the challenges I was having with OAuth either.  At this point, I'm moving forward with a server-side, c# solution instead.  

    I actually did get the OAuth to work server-side and was able to get a security token.  I then tried to use the token to make a client-side AJAX call and once again ran into the same cross-domain CORS issue as I was having with the SOAP approach.  

  • prgtrdr Profile Picture
    prgtrdr 35 on at

    I feel your pain ;-)   It's a shame that MS can't make a good product like Dynamics CRM easier for developers to use.  The Salesforce.com folks live and breath making ISVs happy...they are really doing something right over there.

    I'm going to try one more thing that you may not have thought about.  After you register a CRM app with Azure for OAuth, perhaps the login.microsoftonline.com/RST2.srf  will recognize the redirect URI as the Origin URI and will then return the proper headers.  I'll let you know how I make out.

    Thanks,

    Bill

  • drewt Profile Picture
    drewt 15 on at

    Hi Clint:

    If you are referencing the 6.1 sdk

    www.microsoft.com/.../details.aspx

    Then it is still

    [This topic is pre-release documentation and is subject to change in future releases.]

    SP1 should be out soon and then when all the bits are there it may work better.

    cheers

    drewt

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans