User unauthorized though the token is correct

Time: 01-31

I'm trying to integrate D365FO with a third party application, I was able to do the proper setup and register my app, fetch the Token as shown below:

[screenshot]

I used the resource as the link for D365FO at the development machine, which is https://usnconeboxax1aos.cloud.onebox.dynamics.com/ and read the D365FO data as shown below:

[screenshot]

I want to change the login method so that I log in on behalf of the user, using the password, so I disabled the security details at Azure (based on the screenshot below):

[screenshot]

And got the token of the logged-in user successfully as below:

[screenshot]

[screenshot]

But once I tried fetching the same data which I was able to fetch before, I got 401 Unauthorized, though I'm logging in using the Admin account:

[screenshot]

CodePudding user response:

The error 401 Unauthorized usually occurs if you make calls to the resource with invalid audience.

When you generate the access token with scope as user.read openid profile offline_access, the audience will be Microsoft Graph, which won't work with D365FO.

I tried to reproduce the same in my environment via Postman and got below results:

I registered one Azure AD application and added the same API permissions as below:

[screenshot]

Now I generated tokens with grant type as password by including the same parameters as you, like below:

POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token

client_id: <appID>
client_secret: <secret>
scope: user.read openid profile offline_access
grant_type: password
username: [email protected]
password: xxxxxxxxxxx

Response:

[screenshot]

You can decode the above access token by pasting it in jwt.ms to check the audience.

When I decoded the access token, I got aud claim as 00000003-0000-0000-c000-000000000000 (i.e, Microsoft Graph) like below:

[screenshot]

If you use this token to read D365FO data, you will get a 401 Unauthorized error as the audience is invalid.

To resolve the error, you need to generate the access token with the resource value set to the base URL of your D365FO instance by making the changes below:

POST https://login.microsoftonline.com/organizations/oauth2/token

client_id: <appID>
client_secret: <secret>
resource: <base URL of your D365FO instance without the trailing '/'>
grant_type: password
username: [email protected]
password: xxxxxxxxxxx

In your case, the value of the resource parameter should be https://usnconeboxax1aos.cloud.onebox.dynamics.com.

This token will have audience same as your D365FO root URL. To confirm that, you can decode it in jwt.ms. If you use this token to read D365FO data, it will work!

Reference:

Test services by using third-party utilities - Finance & Operations | Dynamics 365 | Microsoft
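An added example (not from the question or the answer above) in Python: it builds the v1 token request with the resource parameter the answer describes, then decodes the returned token's payload locally, the way jwt.ms does, to confirm the aud claim is the D365FO instance rather than Microsoft Graph before any service call is made. The client id, credentials and the test token are constructed placeholders; the payload decode deliberately skips signature verification, so it is for inspection only, not for trusting the token.

```python
import base64
import json
from urllib.parse import urlencode

# Microsoft Graph's application ID: the aud value the answer saw in the rejected token.
GRAPH_AUDIENCE = "00000003-0000-0000-c000-000000000000"
V1_TOKEN_URL = "https://login.microsoftonline.com/organizations/oauth2/token"


def build_token_request(client_id, client_secret, username, password, d365fo_url):
    """Return (url, form_body) for the v1 endpoint request shown in the answer."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        # D365FO base URL without the trailing slash; this sets the token audience.
        "resource": d365fo_url.rstrip("/"),
        "grant_type": "password",
        "username": username,
        "password": password,
    }
    return V1_TOKEN_URL, urlencode(form)


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Decode the payload only, with no signature check (local inspection, like jwt.ms)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def audience_matches(token, d365fo_url):
    """(True, reason) when aud is the D365FO instance, else (False, what is wrong)."""
    aud = decode_claims(token).get("aud")
    expected = d365fo_url.rstrip("/")
    if aud == GRAPH_AUDIENCE:
        return False, "aud is Microsoft Graph; request the token with resource=<D365FO URL>"
    if aud not in (expected, expected + "/"):
        return False, f"aud {aud!r} does not match {expected!r}"
    return True, "aud matches the D365FO instance"


def make_unsigned_jwt(claims):
    """Constructed test token (alg none, empty signature) used only to exercise the checks."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."
```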
