How can I get an access token from Azure AD using NAV2017

prakaash786
Member Posts: 12
Hi
I want to get an access token from azure, first I need to get the authorization code based on the GET request to HTTPRequest and then use the authorization code to get the access token using POST request. How can I get that in NAV from azure.
Regards,
Chandra Prakash Soni
0
Best Answer
-
URL := 'https://login.microsoftonline.com/' + TenantID + '/oauth2/token';
// Client credentials grant: the token is issued to the application, not to a user.
// Values are concatenated as-is, so they must already be URL-encoded.
PostData := 'grant_type=client_credentials' +
  '&client_id=' + ClientID +
  '&client_secret=' + ClientSecret +
  '&resource=' + Resource;
RequestString := PostData;
HttpWebRequest := HttpWebRequest.Create(URL);
HttpWebRequest.Timeout := 30000;
HttpWebRequest.Method := 'POST';
HttpWebRequest.ContentType := 'application/x-www-form-urlencoded';
HttpWebRequest.ContentLength := RequestString.Length;
SetRequestStream(HttpWebRequest, RequestString);
HttpWebResponse := HttpWebRequest.GetResponse;
IF FORMAT(HttpWebResponse.StatusCode) = 'OK' THEN BEGIN
  StreamReader := StreamReader.StreamReader(HttpWebResponse.GetResponseStream);
  JSonString := StreamReader.ReadToEnd;
END;
with SetRequestStream(VAR HttpWebRequest : DotNet "System.Net.HttpWebRequest";VAR String : DotNet "System.String")
as
// Write the form body to the request stream, then release the writer.
StreamWriter := StreamWriter.StreamWriter(HttpWebRequest.GetRequestStream);
StreamWriter.Write(String);
StreamWriter.Close;
StreamWriter.Dispose;
This JSon string will now contain an element with the 'access_token' and a field 'expires_in' containing the amount of seconds the access_token is valid.
5
Answers
-
Hi,
Thanks for the reply.
The approach elaborated above will fetch an access token using the client credentials grant. This approach uses the identity of an application to fetch the access token. We want to fetch a token for the logged-in user using the authorization code grant or OpenID Connect:
retrieving an access token for the already signed-in user in the NAV web portal.
How do we reference the signed-in user's context?
And, using this context, fetch the user's access token for the third-party resource?
Regards,
Abhijit0 -
Hi Remco,
Thanks for the quick answer,
Your solution works and generates the token but that token on decoding gives the client permission, we need to get the token containing the user permissions for the third party. So coming back to the original post where I have mentioned to get the authorization code first using GET and then use that authorization code to get the User access token for the app. I hope I am clear now.
Thanks a lot again for the help.
Regards,
Chandra Prakash Soni0 -
The complete mechanism is explained in detail here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code
So the code to get the code :-) should contain something like this:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
0 -
Hi Remco,
I had this problem before, but your solution gave me some hope of getting the authorization code by making the GET request with the required parameters. But when I try that, it gives the response of the sign-in page to sign in.
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
<head>
<title>Sign in to your account</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<meta name="PageID" content="ConvergedSignIn" />
<meta name="SiteID" content="" />
<meta name="ReqLC" content="1033" />
<meta name="LocLC" content="en-US" />
<noscript>
<meta http-equiv="Refresh" content="0; URL=https://login.microsoftonline.com/jsdisabled" />
</noscript>
<link rel="shortcut icon" href="https://secure.aadcdn.microsoftonline-p.com/ests/2.1.7935.15/content/images/favicon_a.ico" />
<meta name="robots" content="none" />
<script type="text/javascript">//<![CDATA[
$Config={"fShowPersistentCookiesWarning":false,"urlMsaLogout":"https://login.live.com/logout.srf?iframed_by=https://login.microsoftonline.com","urlUxPreviewOptOut":"https://login.microsoftonline.com/common/uxpreview/optout","showCantAccessAccountLink":true,"iBindProvider":0,"urlFeatureAnnouncementBlogPost":"https://aka.ms/AA1edlw","fCollapseExcessLinks":true,"fShowLoginV2PreviewLink":true,"urlSessionState":"https://login.microsoftonline.com/common/DeviceCodeStatus","urlResetPassword":"https://passwordreset.microsoftonline.com/?r
The message is quite long so I trimmed it. Now my question is how can I get rid of/bypass the sign-in page and get the code (by redirecting it to the redirect URL)?
Thanks in advance.
Regards,
Chandra Prakash Soni0 -
Just to add a little more information: if I use the URL created for the GET request in the browser, it redirects me to the redirect URL with an authorization code in the URL.
0
-
Hi Remco,
As per the above approach we get the code from the authorization endpoint, but the reply is redirected to the endpoint mentioned in the redirect_uri query parameter.
If I specify the redirect_uri as a NAV web page, how do I read the query string parameter values at the time of page load within the NAV web page?
If there is a way to read the query string parameter values, then that will solve the problem.
Thanks & Regards,
Abhijit Ger
0 -
Hi Chandra,
If you use HttpWebRequest to submit the GET request you will always get the above response. You cannot use HttpWebRequest to submit the authorization code grant request for the simple reason that there is a redirect involved (we specify a value in the redirect_uri parameter).
This is called three-legged OAuth, as there are three parties involved: user, server (aka client) and authorization server.
Regards,
Abhijit Ger0
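The three-legged flow discussed in this thread, as an added example that is not code from any of the posters and is not NAV/C-AL: Python is used only to show the protocol, covering the authorize URL the user's browser opens, reading `code` and `state` from the redirect's query string, and the server-side token POST with every value URL-encoded. The function names are hypothetical and the tenant, client id, secret and code values are constructed placeholders.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"

def build_authorize_url(tenant, client_id, redirect_uri, scope):
    """Leg 1: URL the signed-in user's browser must open. Returns (url, state)."""
    state = secrets.token_urlsafe(16)  # unpredictable; keep it in the user's session
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "response_mode": "query",
                       "scope": scope, "state": state})
    return AUTHORITY.format(tenant=tenant) + "/authorize?" + query, state

def read_callback(callback_url, redirect_uri, expected_state):
    """Leg 2: read the query string of the redirect and return the code."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback is not the registered redirect_uri")
    params = {k: v[0] for k, v in parse_qs(got.query).items()}
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"])
    state = params.get("state", "")
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"]

def build_token_request(tenant, client_id, client_secret, redirect_uri, code, scope):
    """Leg 3: server-to-server POST; returns (url, form-encoded body)."""
    body = urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "client_secret": client_secret, "code": code,
                      "redirect_uri": redirect_uri, "scope": scope})
    return AUTHORITY.format(tenant=tenant) + "/token", body

if __name__ == "__main__":
    # Constructed values: placeholder tenant, client id, secret and code.
    redirect = "http://localhost/myapp/"
    client = "00000000-0000-0000-0000-000000000000"
    url, state = build_authorize_url("tenant-placeholder", client, redirect,
                                     "openid offline_access")
    callback = redirect + "?" + urlencode({"code": "SAMPLE_CODE", "state": state})
    code = read_callback(callback, redirect, state)
    print(build_token_request("tenant-placeholder", client, "s3cr&t+value",
                              redirect, code, "openid offline_access"))
```

Only the third leg is a plain HTTP POST of the kind the Best Answer sends; the first leg has to run in the user's browser, which is why a server-side GET returns the sign-in page.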