Integrating with Dynamics 365 Online is straightforward since it exposes Web API endpoints. The hardest part is authentication: Dynamics 365 Online uses OAuth 2.0, so a valid bearer access token issued by Microsoft Azure Active Directory is required and must be sent with every HTTP request to the Web API.
There are a couple of ways to authenticate and obtain a bearer token, which will be covered in future blogs. In this blog, I will cover using user credentials (an active CRM user's username and password), and how to obtain a new bearer token from a refresh token when the access token has expired. Here are the steps to follow to authenticate using user credentials.
1. Get Bearer Access Token by sending HTTP POST request to Token endpoint
The token endpoint URL for any Dynamics 365 Online instance is https://login.microsoftonline.com/common/oauth2/token
The body content of the HTTP Request will contain the following and will be URL encoded.
| Key | Value | Description |
| --- | --- | --- |
| client_id | 2ad88395-b77d-4561-9441-d0e40824f9bc | Default client ID which is set up against Dynamics 365 Online instances |
| resource | https://authenticatedemo.crm6.dynamics.com/ | Dynamics 365 Online instance URL |
| username | john@authenticatedemo.onmicrosoft.com | Active CRM user's username |
| password | Passw0123 | Active CRM user's password |
| grant_type | password | Password set as the grant type |
HTTP POST Request:
POST https://login.microsoftonline.com/common/oauth2/token
Accept: application/json
Content-Type: application/x-www-form-urlencoded

client_id=2ad88395-b77d-4561-9441-d0e40824f9bc&
username=john%40authenticatedemo.onmicrosoft.com&
password=Passw0123&
grant_type=password
HTTP Response:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
2. Set the Authorization Header of the HTTP GET request
From the HTTP response in step 1, extract the string value of the access token key, which will be the bearer token.
{
Set the Authorization header value of the HTTP OData request to Bearer <access token>.
HTTP GET Request:
GET https://authenticatedemo.api.crm6.dynamics.com/api/data/v9.0/accounts?$select=name
HTTP Response:
HTTP/1.1 200 OK

{
  "@odata.context": "http://authenticatedemo.api.crm6.dynamics.com/api/data/v9.0/$metadata#accounts(name)",
  "value": [
    {
      "@odata.etag": "W/\"1257828567\"",
      "name": "Test A",
      "accountid": "e0b6ae92-4230-e711-80bf-00155d048d78"
    }
  ]
}
3. Refresh Expired Bearer Access Token
Use the refresh token to obtain a new access token once the previous token has expired.
The body content of the HTTP request will contain the following and will be URL encoded.
| Key | Value | Description |
| --- | --- | --- |
| client_id | 2ad88395-b77d-4561-9441-d0e40824f9bc | Default client ID which is set up against Dynamics 365 Online instances |
| resource | https://authenticatedemo.crm6.dynamics.com/ | Dynamics 365 Online instance URL |
| refresh_token | AQABAAAAAABHh4kmS_aKT5XrjzxRAtHz…. | The string value of the refresh token key obtained in step 1 |
| grant_type | refresh_token | refresh_token set as the grant type |
HTTP POST Request:
POST https://login.microsoftonline.com/common/oauth2/token

client_id=2ad88395-b77d-4561-9441-d0e40824f9bc&
HTTP Response:
HTTP/1.1 200 OK

{
Store the refresh token safely in a database or any other storage system; you can then reuse it every time you need to obtain a new access token. This means that if the Dynamics 365 user changes their password, this method of using the refresh token to authenticate will still work.
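The three steps above, tied together as an added example (not code from the original post): it builds the URL-encoded bodies for the password and refresh_token grants, records a token response, and decides when a refresh is due. The `TokenState` helper, the 60-second skew and the sample response are assumptions; the response uses the standard OAuth 2.0 field names and constructed placeholder values, and nothing is sent over the network.

```python
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/token"
CLIENT_ID = "2ad88395-b77d-4561-9441-d0e40824f9bc"        # default client id from the tables
RESOURCE = "https://authenticatedemo.crm6.dynamics.com/"  # the post's demo instance

def password_grant_body(username, password):
    """Step 1: form body for the initial token request."""
    return urlencode({"client_id": CLIENT_ID, "resource": RESOURCE,
                      "username": username, "password": password,
                      "grant_type": "password"})

def refresh_grant_body(refresh_token):
    """Step 3: form body that exchanges a refresh token for a new access token."""
    return urlencode({"client_id": CLIENT_ID, "resource": RESOURCE,
                      "refresh_token": refresh_token,
                      "grant_type": "refresh_token"})

class TokenState:
    """Hypothetical helper tracking tokens and expiry between Web API calls."""
    def __init__(self):
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0.0

    def update(self, response_text, now):
        """Record a token endpoint response; reject bodies without a token."""
        data = json.loads(response_text)
        if "access_token" not in data:
            raise ValueError(data.get("error", "no access_token in response"))
        self.access_token = data["access_token"]
        # Keep the old refresh token if the response does not carry a new one.
        self.refresh_token = data.get("refresh_token", self.refresh_token)
        self.expires_at = now + int(data.get("expires_in", 0))

    def needs_refresh(self, now, skew=60):
        """True when the token is missing or expires within `skew` seconds."""
        return self.access_token is None or now >= self.expires_at - skew

    def authorization_header(self):
        """Step 2: header to set on each OData request."""
        return {"Authorization": "Bearer " + self.access_token}

# Constructed sample response (placeholder values, not real tokens).
SAMPLE_RESPONSE = json.dumps({"token_type": "Bearer", "expires_in": "3600",
                              "access_token": "ACCESS-PLACEHOLDER",
                              "refresh_token": "REFRESH-PLACEHOLDER"})
```

With this split, the user's password is only needed to build the step 1 body; every later renewal goes through `refresh_grant_body`, so only the refresh token has to be kept in storage.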