Use Portal OAuth token with an external Web API
This sample is an ASP.NET-based project that validates the ID token issued by Microsoft Dynamics 365 for Customer Engagement Portal.
- Replace the value of portalUrl with your Portal URL in the application setting:
  <add key="Microsoft.Dynamics.AllowedPortal" value="portalUrl"/>
- If the token was fetched from Portal using a ClientId, replace the value of ValidAudience in Startup.cs (L. 103) with a valid ClientId that is registered with Dynamics 365.
- If the token was not fetched using a ClientId, set the value of ValidateAudience in Startup.cs to false (L. 102).
- Build the project to fetch all packages from NuGet.
- Make a GET request to ServerURL (e.g. http://localhost:60717/api/external/WhoAmI) with an Authorization header having the value "Bearer TokenFetchedFromPortal". For example:
  Key: Authorization, Value: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJ.
- You can use a request composer tool like Postman to test this.
- To decode the ID token, you can visit https://jwt.io.
- This project uses a custom BearerAuthenticationProvider called DynamicsPortalBearerAuthenticationProvider.
- This provider is registered in StartUp.cs with route
- All actions for the routes starting with api/external are defined in the Controllers/ExternalWebApiController.cs file (RoutePrefix used).
- All ID tokens are digitally signed by Portal using its private key.
- DynamicsPortalBearerAuthenticationProvider uses the Portal's public key endpoint (/_services/auth/publickey) to validate the token.
- DynamicsPortalBearerAuthenticationProvider also validates the audience and issuer of the ID token.
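The three checks listed above (signature against the Portal's public key, issuer, audience) can be written out as follows. This is an added example, not the sample project's own code. It assumes the public key endpoint returns a PEM-encoded RSA key and that tokens are signed with RS256; the class name, issuer, audience and claim values are constructed placeholders, and a locally generated key pair stands in for the Portal's key so the example runs offline.

```csharp
// Added example (not the sample project's code). Needs .NET 5+ and the
// System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class PortalTokenCheck
{
    // publicKeyPem: response body of <portal>/_services/auth/publickey (assumed PEM).
    public static ClaimsPrincipal Validate(string token, string publicKeyPem,
                                           string issuer, string audience)
    {
        var rsa = RSA.Create();
        rsa.ImportFromPem(publicKeyPem);
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = new RsaSecurityKey(rsa),
            RequireSignedTokens = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // assumed RS256; refuses any other alg
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateAudience = audience != null, // null = token fetched without a ClientId
            ValidAudience = audience,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
    }

    static void Main()
    {
        // Constructed stand-ins: a local key pair plays the role of the Portal's key.
        using var portalKey = RSA.Create(2048);
        string pem = new string(PemEncoding.Write("PUBLIC KEY", portalKey.ExportSubjectPublicKeyInfo()));
        var jwt = new JwtSecurityToken("https://portal.example", "client-id-placeholder",
            new[] { new Claim("sub", "contact-1") }, expires: DateTime.UtcNow.AddMinutes(10),
            signingCredentials: new SigningCredentials(new RsaSecurityKey(portalKey), SecurityAlgorithms.RsaSha256));
        string token = new JwtSecurityTokenHandler().WriteToken(jwt);

        Validate(token, pem, "https://portal.example", "client-id-placeholder");
        Console.WriteLine("accepted: signature, issuer, audience and lifetime all check out");
        try { Validate(token, pem, "https://portal.example", "some-other-client"); }
        catch (SecurityTokenException e) { Console.WriteLine("rejected: " + e.GetType().Name); }
    }
}
```

Passing null for the audience corresponds to the ValidateAudience = false case above: any registered client's token is then accepted, so the signature and issuer checks carry the whole decision.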