Hi,
I'm trying to integrate our web app (collect form data and push data to customers' CRMs -- like Salesforce, Eloqua, Pardot, etc.) with MS Dynamics. Calls from our servers are simple HTTP requests from PHP using curl. I understand the OAuth process and have successfully used it on many previous integrations with other CRMs. Just to be clear, our web site/web app is NOT hosted with MS -- it's externally hosted.
However, I've hit a wall in just trying to get an access_token and then use that token to make requests to MS Dynamics. Here are the steps that I've currently taken to get to this point:
- Signed up for a trial MS Dynamics account - this is a test account to attempt to read and write data (specifically Contact and Leads). Let's call this 'CustomerCRM'.
- Signed up for a separate Azure account - this is the location of the Active Directory where I registered an App (let's call it 'DataCapture'). Set it as type 'Web app / API', set the redirect and homepage URLs, set it to Multi-tenant. And under permissions I checked all of them listed. When this goes live I will pare it down to exactly what I need (once I figure out what that is) but for now I check all since it should allow me to test pushing data to the CRM. I also set up a 'Key' under the API Access area -- I read somewhere that this is what is used as the client_secret used during the access_token request process (IS THIS CORRECT?!?).
- Using a simple GET request via a browser, I make a call to request authorization of the App by the CRM account:
login.microsoftonline.com/.../authorize
    client_id='xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx'
    &response_type='code'
    &redirect_uri='www.ourdomain.com/dynamics_cb'
    &response_mode='query'
    &state='SOME_UNIQUE_UID'
Where client_id is the APP_ID found in the DataCapture Azure account under the created app. This presents a login form for 'DataCapture' asking for a user/pass. When I enter that info for an administrator from the 'CustomerCRM' account, I get redirected to the redirect_uri with a response parameter named 'code'. YEAH!
However, what is weird is that if I try to add a 'resource' parameter to the above call like:
&resource='customercrm.crm.dynamics.com'
which I figured I should do, I get the following error after attempting the login with the same admin user:
error: invalid_resource
error_description: AADSTS50001: The application named customercrm.crm.dynamics.com was not found in the tenant named CustomerCRM.crm.dynamics.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
This seems very strange since the app is part of DataCapture -- not CustomerCRM ?!?
- OK, assuming the above GET call with the returned 'code' is actually good, we'll send the code to get an access_token:
POST /common/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=authorization_code
client_id=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
code=AQABAAAAAADRNYRQ3dhRSrm-4K-ad....
redirect_uri=www.ourdomain.com/dynamics_cb
resource=customercrm.crm.dynamics.com
client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Unfortunately I get the following response:
[error] => unauthorized_client
[error_description] => AADSTS65005: The client application has requested access to resource 'customercrm.crm.dynamics.com'. This request has failed because the client has not specified this resource in its requiredResourceAccess list.
[error_codes] => Array
(
[0] => 65005
)
Am I missing something somewhere in the CustomerCRM admin user settings? When I log in to the Dynamics CRM and view the apps that user has, it shows the 'DataCapture' app and lists out all the permissions that were authorized when I authenticated the user.
Anyone have any ideas on what I might have messed up? Do I need to set up my app in the Azure account differently? Is it OK to use the Default Directory in the Azure Active Directory setup?
Any insight would be greatly appreciated!
-Michael
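
The two requests described in the post, as an added PHP example that is not part of the original post: parameters are URL-encoded with http_build_query() instead of being quoted by hand, and the state value is verified when the callback arrives. The function names, the placeholder values, the authorize path (elided in the post) and the https:// form of redirect_uri and resource are assumptions.

```php
<?php
// Added example: function names are hypothetical and all values are placeholders.
// Assumption: the post elides the authorize path; the v1 "common" path is used here.
const AUTHORIZE_ENDPOINT = 'https://login.microsoftonline.com/common/oauth2/authorize';
const TOKEN_ENDPOINT     = 'https://login.microsoftonline.com/common/oauth2/token';

function buildAuthorizeUrl(array $cfg, string $state): string
{
    // http_build_query() percent-encodes each value, so nothing is quoted by hand.
    return AUTHORIZE_ENDPOINT . '?' . http_build_query([
        'client_id' => $cfg['client_id'], 'response_type' => 'code',
        'redirect_uri' => $cfg['redirect_uri'], 'response_mode' => 'query',
        'resource' => $cfg['resource'], 'state' => $state,
    ]);
}

function stateMatches(string $expected, array $query): bool
{
    // Constant-time compare; a callback carrying a state we did not issue is rejected.
    return isset($query['state']) && is_string($query['state'])
        && hash_equals($expected, $query['state']);
}

function redeemCode(array $cfg, string $code): array
{
    $ch = curl_init(TOKEN_ENDPOINT);
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS => http_build_query([
            'grant_type' => 'authorization_code', 'code' => $code,
            'client_id' => $cfg['client_id'], 'client_secret' => $cfg['client_secret'],
            'redirect_uri' => $cfg['redirect_uri'], 'resource' => $cfg['resource'],
        ]),
    ]);
    $body = curl_exec($ch);
    $json = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($json) || isset($json['error'])) {
        throw new RuntimeException($json['error_description'] ?? 'token request failed');
    }
    return $json; // holds access_token; keep it server-side and out of logs
}

// Constructed sample values; the https:// form of both URLs is an assumption.
$cfg = ['client_id' => 'CLIENT_ID_PLACEHOLDER', 'client_secret' => 'SECRET_PLACEHOLDER',
    'redirect_uri' => 'https://www.ourdomain.com/dynamics_cb',
    'resource' => 'https://customercrm.crm.dynamics.com'];
$state = bin2hex(random_bytes(16)); // store in the session before redirecting
echo buildAuthorizeUrl($cfg, $state), PHP_EOL;
```

In the callback handler, call stateMatches() with the stored value and $_GET before passing $_GET['code'] to redeemCode().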