The ROPC grant type should only be used in scenario when the Client application is absolutely trusted with user credentials and when redirect based flow are not possible. It was introduced for the Legacy Application for quick migration and is now more or less considered obsolete by OAuth Working group, and ideally should not be used.
In this flow, User enters his credentials (username and password) in the client application, when is then sent to Token Endpoint of the Authorization Server for Access Token request. The client application then gets the access token and call/request the protected resources (Web API) and get response. Here we remove the user from the authorization process and are not using the Authorization endpoint at all. The apps using this flow will lose the benefits of multi-factor authentication MFA and Single Sign-On.
Request à
| client_id | Client id of the app registered in Azure Active Directory.
We can also use the default client id – “2ad88395-b77d-4561-9441-d0e40824f9bc” – which is setup against Dynamics 365 Online instances. https://www.crmviking.com/2017/08/piggybacking-on-msdyn365.html |
| username | User’s username |
| password | User’s password |
| grant_type | password |
| resource | Dynamics 365 URL |
Sample C# Code à
Create the console application and add the following Nuget Package
static void Main(string[] args)
{
// Dynamics CRM Online Instance URL
string resource = "https://bankfabdemo.crm.dynamics.com";
// ID of the Application Registered
// "2ad88395-b77d-4561-9441-d0e40824f9bc" - Default Client Id which is setup against Dynamics 365 Online instances.
string clientId = "2ad88395-b77d-4561-9441-d0e40824f9bc";
// username and password of the user
UserCredential userCrendential = new UserCredential("nishantrana@bankfabdemo.onmicrosoft.com", "*******");
// Authenticate the registered application with Azure Active Directory.
// Token URL - https://login.microsoftonline.com/common/oauth2/token
AuthenticationContext authContext =
new AuthenticationContext("https://login.windows.net/common");
AuthenticationResult authResult = authContext.AcquireToken(resource, clientId, userCrendential);
var accessToken = authResult.AccessToken;
// use HttpClient to call the Web API
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
httpClient.BaseAddress = new Uri("https://bankfabdemo.crm.dynamics.com/api/data/v9.0/");
var response = httpClient.GetAsync("WhoAmI").Result;
if (response.IsSuccessStatusCode)
{
var userDetails = response.Content.ReadAsStringAsync().Result;
}
}
The result: –
Inside Fiddler à
Sample Code – Dynamics 365 Web API / Organization Service
Hope it helps..
Nishant Rana's Weblog 
Hi Nishant,
Thanks for sharing the information.I would like to know whether an application user can post data to CRM through postman.Since the application user doesn’t have password,he can’t login as a normal CRM user.The example that you have demonstrated is with a CRM user.I am wondering whether we can achieve the same user an application user created using Azure App credentials.
LikeLike
This is what you can try https://nishantrana.me/2019/08/25/connect-to-dynamics-365-web-api-using-oauth-2-0-authorization-code-grant-type/
LikeLike