How to – Connect to Dynamics 365 Web API using OAuth 2.0 – Implicit Grant Type (through Postman)

In the previous post we covered below grant type

here we’d be looking at the Implicit Grant Type.

Implicit Grant Type is for the “Public Clients”, client application that cannot keep the Client Secret, HTML or Angular app that communicates from the browser (through JavaScript) and have no server involved, therefore used for Single Page Application (SPA).

Instead of getting the authorization code from the Authorization Server like in case of Authorization Grant and then using the authorization code (along with Client Secret) to get the access token. In case of Implicit Grant, the client application directly requests for the access token from the Authorization Endpoint.

We need to pass the below details

response_type token
client_id Application ID
redirect_uri http://%5Blocalhost%5D

to the Authorization URL à[tenantid]/oauth2/authorize

The redirect_uri must match against the one registered, this way the Authorization Server, makes sure that there are no unauthorized client applications requesting the token.

Some of the drawbacks are that the Access Tokens are exposed to resource owner in the URL and also there is no validation that the access token is meant for that particular client.

To get started à

Register your application with the Azure Active Directory tenant. Copy the Client Id.

For Redirect URI we will set the URL of the single page application which we will be developing later. So specify any valid URL there.

Enable the application for the Implicit Flow by setting oauth2AllowImplicitFlow as true from Manifest of the application.

Or from the Authentication section.

From Postman à

Go to Authorization tab and click on Get New Access Token button

Specify Grant Type as implicit, along with CallBack Url i.e. redirect_uri and the client id.

Here for the Auth URL, we should have the resource query parameter specified in the Authorization Endpoint which refers to our Dynamics CE Organization.[org]

Click on Request Token to get the access token.

Inside Fiddler: We’d see the following parameter being passed to the authorization endpoint.

Clicking on Request Token will open the popup for us to login and provide the consent.

The access token à

Let us try changing the Callback Url and send the request again

We’d get the below error

As was mentioned earlier –

The redirect_uri must match against the one registered in the application, this way the Authorization Server, makes sure that there are no unauthorized client applications requesting the token.

Sample Code – Dynamics 365 Web API / Organization Service

Hope it helps..


Author: Nishant Rana

I love working in and sharing everything about Microsoft.NET technology !

5 thoughts on “How to – Connect to Dynamics 365 Web API using OAuth 2.0 – Implicit Grant Type (through Postman)”

Please share your thoughts

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

My Trial

It is my experience timeline.


Sharing my knowledge and experience about the Microsoft Power Platform.

Arpit Power Guide

a guide to powering up community

Welcome to the Blog & Website of Paul Andrew

Technical Leadership Centred Around the Microsoft Data Platform

Deriving Dynamics 365

Deriving Solutions and features on Power Platform/Dynamics 365

The CRM Ninja

Thoughts & musings from a Dynamics 365 Ninja!

D CRM Explorer

Learn about Microsoft Dynamics CRM Power Platform customization and implementation and other cool stuffs

Stroke // Jonas Rapp

I know pre-stroke. I will improve who I was.

Power Melange

Power Melange By Shalinee

Clavin's Blog

Power Automate - Power Apps - SharePoint Online - Azure - Nintex - K2 - Artificial Intelligence

Sat Sangha Salon

An Inquiry in Being

The Indoencers

The Influencers & Influences of Indian Music

Monika Halan's blog

Hand's-free money management

D365 Demystified

A closer look at Microsoft Dynamics 365.

Microsoft Mate (msftmate) - Andrew Rogers

Experienced consultant primarily focused on Microsoft Dynamics 365 and the Power Platform


Specific topics by Django Lohn on the whole Microsoft365 Stack

Manmit Rahevar's Blog

One Stop Destination for Microsoft Technology Solutions


Naturally Curious

Brian Illand

Power Platform and Dynamics 365

Steve Mordue MVP

A Microsoft Business Applications MVP

Subwoofer 101

Bass defines your home theater

SQLTwins by Nakul Vachhrajani

SQL Server tips and experiences dedicated to my twin daughters.

Everything D365

Discovering Azure DevOps and D365 Business Applications

Tech Wizard

Lets do IT Spells

XRM Tricks (Power Platform & Dynamics CRM )

Power Platform & Dynamics CRM


Mail to for queries and suggestions

Giving back to the community what I have learned

xrm CRM Dynamics

Dynamics CRM Technical & Functional Info

Dynamics 365 Blogs - Explained in unique way

Sometimes you need to look at things from different perspective.

CRM Keeper

Dynamics 365 Customer Engagement, CRM, Microsoft CRM, Dynamics CRM


Step into the world of a Dynamics 365 Consultant

Dianamics PCF Lady

Diana & Dynamics 365 & Power Platform

%d bloggers like this: