OAuth for the Web API

[lucasstark]

I'm wondering if OAuth for the Web API can be used here, and if so, any example of how one might get started doing that would be greatly appreciated!

Basically looking for the PHP version of: https://msdn.microsoft.com/en-us/library/gg327838.aspx

Thanks in advance.

[georged]

@lucasstark you are referring to OAuth client authentication, which is not quite the purpose of the library. While we may add that in the future, in the initial release we primarily target S2S authentication which uses client credentials grant.

However, you can provide your own implementation of OnlineAuthMiddleware implementation with authorisation code grant, which looks like what you're after. You can try using existing third-party libraries, e.g. OAuth2.

HTH
George

[SynedatPranke]

@georged: May I ask, how much time do you need to implement this feature? From my humble understanding it seems this feature is quite important on business level, if your company uses features like SSO for all internal webapps.

[georged]

@SynedatPranke it's not the question of time, it's the question of supply and demand. Yes, it'd be important for SSO however implementations of internal webapps using php is not that common in our experience. (Of course, I'm making a broad assumption that a company specializing in PowerApps / Dynamics 365 / CRM is most likely a .NET shop)

The most common scenario is an externally facing web site in WordPress, Drupal, Joomla that needs access to CDS / Dynamics 365 data. In this scenario S2S authentication is more appropriate. For example, we use the library in the upcoming version of the WordPress plugin (current version uses SOAP toolkit).

[amanjlucid]

I am getting the Message: Metadata request returned a 403 code while fetching record. Can you please suggest what am i missing ?
I am connecting with crm like below with my dynamic credentials -

$settings = new \AlexaCRM\WebAPI\OData\OnlineSettings();
$settings->instanceURI = 'https://contoso.crm.dynamics.com';
$settings->applicationID = '00000000-0000-0000-0000-000000000000';
$settings->applicationSecret = 'Application Secret';

$settings->tlsVerifyPeers = false;

$middleware = new \AlexaCRM\WebAPI\OData\OnlineAuthMiddleware( $settings );
$odataClient = new \AlexaCRM\WebAPI\OData\Client( $settings, $middleware );
$client = new \AlexaCRM\WebAPI\Client( $odataClient );

$retrievedContact = $client->Retrieve( 'account', '00000000-0000-0000-0000-000000000000', new \AlexaCRM\Xrm\ColumnSet( true ) );

[georged]

@amanjlucid

1. have you created an app user in Dataverse and granted that user a role?
2. If yes then perhaps that role is insufficient to access the account record?

Otherwise I'd suggest wiring up logging to see more details about the error.

[CaptainCannabis]

Same to me, i did everything stated here

https://docs.microsoft.com/de-DE/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory

[georged]

Please start separate issues on the auth issues. This issue is about SSO in AD environments.