MS CRM 2013 Online OAuth unsupported_grant_type - authorization_code

  • Question

  • Hello,

    We have an ASP.NET MVC 4 application that runs inside an iframe in MS CRM 2013. The web application uses the MS CRM web services (Organization web service) to retrieve and save data. To do so, it needs to authenticate. For on-premises we are using Windows authentication and impersonate with the currently logged-in user in MS CRM (user id is passed to the iframe URL). It works like a charm.

    However, for MS CRM 2013 Online, since we want to avoid storing any user credentials in our application, we have chosen to use OAuth. Any suggestions on how to achieve the same in a different way are most welcome, since it does not seem right to use a method mostly for non-dot-net clients.

    We are able to get the code calling: https://login.windows.net/{0}/oauth2/authorize?response_type=code&resource={1}&client_id={2}&redirect_uri={3}. But when I ask for the token, I get a 400 Bad Request error.

    Request

    Method: POST

    URL: https://login.windows.net/{0}/oauth2/token?api-version=1.0

    Header:

    User-Agent: Fiddler
    Host: login.windows.net
    Content-Length: 563
    Content-Type: application/x-www-form-urlencoded

    Body:

    grant_type=authorization_code&code={0}&redirect_uri={1}&resource={2}

    Response

     {"error":"unsupported_grant_type","error_description":"ACS70003: The access grant \u0027authorization_code\u0027 is not supported...}

    The comments under this article (http://blogs.msdn.com/b/aadgraphteam/archive/2013/05/17/using-oauth-2-0-authorization-code-grant-for-delegated-access-of-directory-via-aad-graph.aspx?CommentPosted=true#commentmessage) suggest that this is an Azure AD bug, but it should have been fixed by now, I guess. Am I doing something wrong?

    Thanks in advance,

    Enoch

    Sunday, April 6, 2014 11:47 PM
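
Added example, not part of the original post: a Python check of a form-encoded authorization-code token request against the fields RFC 6749 section 4.1.3 expects, plus a reader for the section 5.2 error body. The function names are hypothetical and every URL and value in it is constructed; the sample body carries the same four fields as the body shown in the post.

```python
# Added example, not code from the original post.
import json
from urllib.parse import parse_qs, urlencode

# Token-endpoint error codes defined in RFC 6749 section 5.2.
TOKEN_ERRORS = {"invalid_request", "invalid_client", "invalid_grant",
                "unauthorized_client", "unsupported_grant_type", "invalid_scope"}

# Constructed sample values (assumptions, not taken from the post).
REDIRECT_URI = "https://app.example/callback"
SAMPLE_BODY = urlencode({  # same four fields as the body shown in the post
    "grant_type": "authorization_code", "code": "CONSTRUCTED-CODE",
    "redirect_uri": REDIRECT_URI, "resource": "https://org.example/"})
SAMPLE_ERROR = ('{"error":"unsupported_grant_type",'
                '"error_description":"constructed description"}')


def check_token_body(body, authorize_redirect_uri, has_basic_auth=False):
    """Return the problems found in a form-encoded token request body."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    problems = []
    if form.get("grant_type") != "authorization_code":
        problems.append("grant_type is not authorization_code")
    if not form.get("code"):
        problems.append("code is missing")
    # Section 4.1.3: redirect_uri must be identical to the authorize request's.
    if form.get("redirect_uri") != authorize_redirect_uri:
        problems.append("redirect_uri differs from the authorize request")
    # The client identifies itself with HTTP Basic or client_id in the body.
    if not has_basic_auth and not form.get("client_id"):
        problems.append("no client_id and no Authorization header")
    return problems


def read_token_error(response_text):
    """Return (error, description, is_rfc6749_code) from a section 5.2 body."""
    doc = json.loads(response_text)
    error = doc.get("error", "")
    return error, doc.get("error_description", ""), error in TOKEN_ERRORS


if __name__ == "__main__":
    print(check_token_body(SAMPLE_BODY, REDIRECT_URI))
    print(read_token_error(SAMPLE_ERROR))
```

The check covers only what RFC 6749 requires of the request; it says nothing about which grant types a particular token endpoint has enabled.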

All replies

  • Hello,

    We have an ASP.NET MVC 4 application that runs inside an iframe in MS CRM 2013. The web application uses the MS CRM web services (Organization web service) to retrieve and save data. To do so, it needs to authenticate. For on-premises we are using Windows authentication and impersonate with the currently logged-in user in MS CRM (user id is passed to the iframe URL). It works like a charm.

    How can we achieve this in MS CRM 2013 Online? Impersonation itself should not be a problem, but how can our application authenticate to the MS CRM web services in the first place? Multiple MS CRM customers may use our application, so configuration from our customers' point of view should not be too hard (actually it should be as simple as possible).

    A similar question has been asked here: https://community.dynamics.com/crm/f/117/p/76370/265655.aspx#265655. In this post we get to a user with the "delegate" privilege which will be used for the initial authentication, and then impersonation is done. It is all fine, but from where do we get the credentials to use such a user? I suppose this user should be created first and his credentials stored somewhere in the application in order to be retrieved and used when authentication is required, but it still does not seem right and is much more complex than what is done in Salesforce.

    Thanks in advance!

    Enoch

    Monday, April 7, 2014 12:17 AM