Dynamics365 - Connection Settings

Used by most of Microsoft Dynamics 365 applications

Get an OAuth Access Token in appRules

Use the values defined in the Dynamics365 App Registration

After setting the following properties in the appRules Datasource definition, you are ready to connect:

  • OAuthClientId: Set this to the Application (Client) Id

  • OAuthClientSecret: Set this to the Client Secret in your app settings.

  • CallbackURL: Set this to the Redirect URL in your app settings.

  • AuthScheme: Set this to the "AzureAD" in your app settings.

  • InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.

When you click Test Connection or Refresh Metadata the provider checks the token stored in the OAuthSettingsLocation, connect using the CLIENT app (oAuthType=CLIENT)

If the token does not exist or has expired ,the provider then completes the OAuth process:

  1. Extracts the access token from the callback URL and authenticates requests.

  2. Obtains a new access token when the old one expires.

  3. Saves OAuth values in a txt file in the OAuthSettingsLocation (default location is C:\ProgramData\appStrategy\PortalData\Default\DbFiles\<appRules Project Database Name>\DataProviders) to be persisted across connections.

Connect using MSI Authentication

If you are running the source on an Azure VM, you can leverage Managed Service Identity (MSI) credentials to connect:

  • AuthScheme: Set this to AzureMSI.

The MSI credentials will then be automatically obtained for authentication.

Client Credentials

Client credentials refers to a flow in OAuth where there is no direct user authentication taking place. Instead, credentials are created for just the app itself. All tasks taken by the app are done without a default user context. This makes the authentication flow a bit different from standard.

Client OAuth Flow

All permissions related to the client oauth flow require admin consent. This means the app embedded with the Provider cannot be used in the client oauth flow. You must create your own OAuth app in order to use client credentials.

In your App Registration in portal.azure.com, navigate to API Permissions and select the Microsoft Graph permissions. There are two distinct sets of permissions - Delegated and Application permissions. The permissions used during client credential authentication are under Application Permissions. Select the applicable permissions you require for your integration.

In addition to setting the standard OAuth client id and secret, to use client credentials you must also set the following connection properties:

  • OAuthGrantType: Set this to CLIENT.

  • AzureTenant: Set this to the tenant you wish to connect to.

When you authenticate using client credentials, there is no Web flow. Authentication with client credentials will take place automatically like any other connection, except there will be no window opened prompting the user. Because there is no user context, there is no need for a browser popup. Connections will take place and be handled internally.

Last updated