How to – Connect to Dynamics 365 Web API using OAuth 2.0 – Implicit Grant Type (through Postman)


In the previous post we covered below grant type

here we’d be looking at the Implicit Grant Type.

Implicit Grant Type is for the “Public Clients”, client application that cannot keep the Client Secret, HTML or Angular app that communicates from the browser (through JavaScript) and have no server involved, therefore used for Single Page Application (SPA).

Instead of getting the authorization code from the Authorization Server like in case of Authorization Grant and then using the authorization code (along with Client Secret) to get the access token. In case of Implicit Grant, the client application directly requests for the access token from the Authorization Endpoint.

We need to pass the below details

response_type token
client_id Application ID
redirect_uri http://%5Blocalhost%5D

to the Authorization URL à

https://login.microsoftonline.com/[tenantid]/oauth2/authorize

The redirect_uri must match against the one registered, this way the Authorization Server, makes sure that there are no unauthorized client applications requesting the token.

Some of the drawbacks are that the Access Tokens are exposed to resource owner in the URL and also there is no validation that the access token is meant for that particular client.

To get started à

Register your application with the Azure Active Directory tenant. Copy the Client Id.

For Redirect URI we will set the URL of the single page application which we will be developing later. So specify any valid URL there.

Enable the application for the Implicit Flow by setting oauth2AllowImplicitFlow as true from Manifest of the application.


Or from the Authentication section.


From Postman à

Go to Authorization tab and click on Get New Access Token button


Specify Grant Type as implicit, along with CallBack Url i.e. redirect_uri and the client id.

Here for the Auth URL, we should have the resource query parameter specified in the Authorization Endpoint which refers to our Dynamics CE Organization.

https://login.microsoftonline.com/bd88124a-ddca-4a9e-bd25-f11bdefb3f18/oauth2/authorize?resource=https://[org].crm.dynamics.com


Click on Request Token to get the access token.

Inside Fiddler: We’d see the following parameter being passed to the authorization endpoint.


Clicking on Request Token will open the popup for us to login and provide the consent.


The access token à


Let us try changing the Callback Url and send the request again


We’d get the below error


As was mentioned earlier –

The redirect_uri must match against the one registered in the application, this way the Authorization Server, makes sure that there are no unauthorized client applications requesting the token.

Sample Code – Dynamics 365 Web API / Organization Service

Hope it helps..

Advertisements

Author: Nishant Rana

I love working in and sharing everything about Microsoft.NET technology !

Power Spark

Power Spark By Shrangarika

Van Carl Nguyen

Exploration of Power Platform

My Trial

It is my experience timeline.

Power⚡Thomas

Sharing my knowledge and experience about the Microsoft Power Platform.

Arpit Power Guide

a guide to powering up community

Welcome to the Blog of Paul Andrew

Sponsored by Cloud Formations Ltd

Deriving Dynamics 365

Deriving Solutions and features on Power Platform/Dynamics 365

The CRM Ninja

Thoughts & musings from a Dynamics 365 Ninja!

buycrm.shop

D CRM Explorer

Learn about Microsoft Dynamics CRM Power Platform customization and implementation and other cool stuffs

Stroke // Jonas Rapp

I know pre-stroke. I will improve who I was.

Microsoft Dynamics CRM / 365

Balu Gajjala

Power Melange

Power Melange By Shalinee

Clavin's Blog

Power Automate - Power Apps - SharePoint Online - Azure - Nintex - K2 - Artificial Intelligence

Sat Sangha Salon

An Inquiry in Being

The Indoencers

The Influencers & Influences of Indian Music

Lets think Innovative

Kokulan's Blog

Monika Halan's blog

Hand's-free money management

D365 Demystified

A closer look at Microsoft Dynamics 365.

Microsoft Mate (msftmate) - Andrew Rogers

Experienced consultant primarily focused on Microsoft Dynamics 365 and the Power Platform

Knowhere365

Specific topics by Django Lohn on the whole Microsoft365 Stack

KKIT365

Manmit Rahevar's Blog

One Stop Destination for Microsoft Technology Solutions

MG

Naturally Curious

Microsoft Technologies and D365 Blogs by Prasanna Vadlamudi

Prasanna Vadlamudi

Brian Illand

Power Platform and Dynamics 365

Steve Mordue MVP

A Microsoft Business Applications MVP

Subwoofer 101

Bass defines your home theater

justanotherbuzzword.wordpress.com/

Neel Bhatt

SQLTwins by Nakul Vachhrajani

SQL Server tips and experiences dedicated to my twin daughters.

Codemender

Everything D365

Discovering Azure DevOps and D365 Business Applications

Tech Wizard

Lets do IT Spells

Jan Kodet

Minh Trung 's Weblog

stoovo

twobitetips.com/

Regina Properties For Sale | Russ Parry REALTOR® | RE/MAX Crown Real Estate

Russ Parry REALTOR®

mobiupdates.com

XRM Tricks (Power Platform & Dynamics CRM )

Power Platform & Dynamics CRM

CRM TIPS BY PRM

Mail to crmtipsbyprm@gmail.com for queries and suggestions

Microsoft Dynamics CRM Blog

nijos.dev

Giving back to the community what I have learned

Power Platform Learning

Learn and Share

xrm CRM Dynamics

Dynamics CRM Technical & Functional Info

SharePoint and other geeky stuff

Dynamics 365 Blogs - Explained in unique way

Sometimes you need to look at things from different perspective.

CRM Keeper

Dynamics 365 Customer Engagement, CRM, Microsoft CRM, Dynamics CRM