Dynamics 365 Online Authenticate with User Credentials

Integrating with Dynamics 365 Online is straightforward since it exposes Web API endpoints. The hardest part is authenticating: Dynamics 365 Online uses OAuth 2.0 as its authentication method, so a valid bearer access token issued by Microsoft Azure Active Directory is needed and is sent with every HTTP request to the Web API.

There are a couple of ways to authenticate and obtain a bearer token, which will be covered in future blogs, but in this blog I will cover using user credentials (an active CRM user's username and password). Also covered is how to obtain a new bearer token from a refresh token when the token has expired. Here are the steps to follow to authenticate using user credentials.

1.    Get Bearer Access Token by sending HTTP POST request to Token endpoint

The token endpoint URL for any Dynamics 365 Online instance is https://login.microsoftonline.com/common/oauth2/token

The body content of the HTTP Request will contain the following and will be URL encoded.

| Key | Value | Description |
|---|---|---|
| client_id | 2ad88395-b77d-4561-9441-d0e40824f9bc | Default Client Id which is set up against Dynamics 365 Online instances. |
| resource | https://authenticatedemo.crm6.dynamics.com/ | Dynamics 365 Online Instance URL |
| username | john@authenticatedemo.onmicrosoft.com | Active CRM user's username |
| password | Passw0123 | Active CRM user's password |
| grant_type | password | Password set as a grant type |

HTTP POST Request:

HTTP Response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
     "token_type": "Bearer",
     "scope": "user_impersonation",
     "expires_in": "3599",
     "ext_expires_in": "0",
     "expires_on": "1513203043",
     "not_before": "1513199143",
     "resource": "https://authenticatedemo.crm6.dynamics.com/",
     "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6In………………",
     "refresh_token": "AQABAAAAAABHh4kmS_aKT5XrjzxRAtHzAKfFmI……………….."
}

2.    Set the Authorization Header of the HTTP GET request

From the HTTP response in step 1, extract the string value of the access_token key, which will be the bearer token.

{
     "token_type": "Bearer",
……………………………………………
     "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6In………………",
     "refresh_token": "AQABAAAAAABHh4kmS_aKT5XrjzxRAtHzAKfFmI………………."
}

Set the Authorization header value of the HTTP OData request to be Bearer followed by the access token from step 1.

HTTP GET Request:

HTTP Response:

HTTP/1.1 200 OK
Content-Type: application/json; odata.metadata=minimal
OData-Version: 4.0

{
     "@odata.context": "http://authenticatedemo.api.crm6.dynamics.com/api/data/v9.0/$metadata#accounts(name)",
     "value": [
          {
               "@odata.etag": "W/\"1257828567\"",
               "name": "Test A",
               "accountid": "e0b6ae92-4230-e711-80bf-00155d048d78"
          }
     ]
}

3.    Refresh Expired Bearer Access Token

Use the refresh token to obtain a new access token once the previous token has expired.
The body content of the HTTP request will contain the following and will be URL encoded.

| Key | Value | Description |
|---|---|---|
| client_id | 2ad88395-b77d-4561-9441-d0e40824f9bc | Default Client Id which is set up against Dynamics 365 Online instances |
| resource | https://authenticatedemo.crm6.dynamics.com/ | Dynamics 365 Online Instance URL |
| refresh_token | AQABAAAAAABHh4kmS_aKT5XrjzxRAtHz…. | The string value of the refresh token key obtained in step 1. |
| grant_type | refresh_token | refresh_token set as a grant type |

HTTP POST Request:

POST https://login.microsoftonline.com/common/oauth2/token
Accept: application/json
Content-Type: application/x-www-form-urlencoded

client_id=2ad88395-b77d-4561-9441-d0e40824f9bc&
resource=https%3A%2F%2Fauthenticatedemo.crm6.dynamics.com%2F&
refresh_token=AQABAAAAAABHh4kmS_aKT5XrjzxRAtHzAKfFmI…………………………………&
grant_type=refresh_token

HTTP Response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
     "token_type": "Bearer",
     "scope": "user_impersonation",
     "expires_in": "3599",
     "ext_expires_in": "0",
     "expires_on": "1513203043",
     "not_before": "1513199143",
     "resource": "https://authenticatedemo.crm6.dynamics.com/",
     "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6In……………………………",
     "refresh_token": "AQABAAAAAABHh4kmS_aKT5XrjzxRAtHzAKfFmI……………………………"
}

Store the refresh token safely in a database or any other storage system; you can then reuse this refresh token every time you need to obtain a new access token. So, if the Dynamics 365 user changes their password, this method of using the refresh token to authenticate will still work.
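The token handling from steps 2 and 3 can be sketched as follows. This is an added example, not code from the original blog: the `TokenState` class, the `refresh_body` helper and the 300-second `skew` are assumptions, and the sample response uses placeholder token values. It parses a token response, checks it was issued for the expected resource, decides from `expires_on` when a refresh is due, and keeps token values out of `repr()` so they do not end up in logs.

```python
import json
import time
from urllib.parse import urlencode

CLIENT_ID = "2ad88395-b77d-4561-9441-d0e40824f9bc"  # default client id from the page
RESOURCE = "https://authenticatedemo.crm6.dynamics.com/"  # instance URL from the page


def refresh_body(refresh_token):
    """URL-encoded form body for the step 3 refresh request."""
    return urlencode({"client_id": CLIENT_ID, "resource": RESOURCE,
                      "refresh_token": refresh_token, "grant_type": "refresh_token"})


class TokenState:
    """Tokens from one token response (hypothetical helper, not a library API)."""

    def __init__(self, response_text, skew=300):
        data = json.loads(response_text)
        if data.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type")
        if data.get("resource") != RESOURCE:
            raise ValueError("token issued for a different resource")
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]
        # expires_on arrives as a string of epoch seconds, not a number.
        self.expires_on = int(data["expires_on"])
        self.skew = skew  # refresh this many seconds before expiry (assumed value)

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return now >= self.expires_on - self.skew

    def auth_header(self, now=None):
        """Step 2: Authorization header for the OData request."""
        if self.needs_refresh(now):
            raise RuntimeError("access token expired or about to; refresh first")
        return {"Authorization": "Bearer " + self.access_token}

    def __repr__(self):
        # Never include token values: both are credentials.
        return f"TokenState(expires_on={self.expires_on}, tokens=<redacted>)"


# Constructed sample response; token values are placeholders, not real tokens.
SAMPLE = json.dumps({"token_type": "Bearer", "expires_on": "1513203043",
                     "resource": RESOURCE, "access_token": "ACCESS-PLACEHOLDER",
                     "refresh_token": "REFRESH-PLACEHOLDER"})
```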


Magnetism Solutions Dynamics CRM Blog