question

itbusinesscentral-1874 avatar image
0 Votes"
itbusinesscentral-1874 asked ·

OAuth 2.0 Client Credential Grant for Dynamics 365 Business Central

Hi,

Wanted to create a windows console service that will run on the backend of a server to connect to my application and to Dynamics 365: Business Central.
Planning to use OAuth 2.0 client credentials to get token and consume business central endpoints.

Here are the following steps I have made so far:

Also tried the postman example provided inthe documentation, they, however, will return a token but not the correct one as it is unauthorized
https://login.windows.net/{tenant}.onmicrosoft.com/oauth2/authorize?resource=https://api.businesscentral.dynamics.com
https://login.windows.net/{tenant}.onmicrosoft.com/oauth2/token?resource=https://api.businesscentral.dynamics.com


GetAccessToken code similar to this https://api.codeproject.com/Samples/ClientCredCsDoc

Would really appreciate help here

azure-ad-authentication-protocols
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered ·

Hi @itbusinesscentral-1874 · Thank you for reaching out.

Could you please share what error you are getting while requesting for the token using Client_Credentials flow?

I have provided a screenshot of the call from my tenant for your reference:

70570-image.png


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


image.png (94.8 KiB)
· 3 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @amanpreetsingh-msft

I am able to get a response access token.
However, if I use result access token, it shows me 401 error code, unauthorized error.

70848-access-token-generated.jpg


70875-access-token-unauthorized.jpg



The goal is to call api.businesscentral endpoints
https://api.businesscentral.dynamics.com/v1.0/{tenant}.onmicrosoft.com/api/beta

Am I doing this right?

0 Votes 0 ·
amanpreetsingh-msft avatar image amanpreetsingh-msft itbusinesscentral-1874 ·

Hi @itbusinesscentral-1874 · Make sure that you have below permissions added to your app and Admin Consent is granted for these permissions:

70999-image.png

Also, in your case, the scope needs to be https://api.businesscentral.dynamics.com/.default to acquire the token and not https://graph.microsoft.com/.default. Once the token is acquired and you decode the token at https://jwt.ms, you should see below values in the roles claim

70969-image.png

The Roles claim is used by the application to do the authorization. If application is looking for one of the permissions highlighted above, it will not fail with http 401.

0 Votes 0 ·
image.png (34.4 KiB)
image.png (8.4 KiB)
itbusinesscentral-1874 avatar image itbusinesscentral-1874 amanpreetsingh-msft ·

Hi @amanpreetsingh-msft, thank you very much for this.
Your suggestion worked.

It really did not fail with 401 but with error code Authentication_InvalidCredentials.
I may have been approaching this in a wrong way.

I am trying to create a daemon console application connecting to business central.
But since client credential is being rejected, currently have no way of solving this.

Accepted your answer as solution to this thread. Thanks

0 Votes 0 ·