|
|
| Line 1: |
Line 1: |
| − | <translate>
| + | #REDIRECT [[Main_Page]] |
| − | = Enable Data Access from Scenarios =
| |
| − | This procedure describes how to enable (i.e., authenticate and authorize) Bright Pattern scenario blocks to be used with Dynamics 365 data via Microsoft's Web API.
| |
| − | | |
| − | Before proceeding, be sure to complete the [[Microsoft-dynamics-365-integration-guide/Configuration/WebAPIAccessConfiguration | Web API access configuration]] steps.
| |
| − | | |
| − | == Step 1: Sign in to the Azure portal and get configuration values ==
| |
| − | The following configuration (Configuration DB table) will be needed by the Bright Pattern Scenario Engine in order to use the CRM Web API. These configuration values should be provided by the Azure portal.
| |
| − | | |
| − | CREATE TABLE 'ms_dynamics_365_data' (
| |
| − | 'ID' varchar(255) NOT NULL,
| |
| − | 'VERSION' bigint(20) DEFAULT NULL,
| |
| − | 'DEFAULT_ACCOUNT' tinyint(1) NOT NULL DEFAULT '0',
| |
| − | 'TENANT_ID' varchar(255) NOT NULL,
| |
| − | 'NAME' varchar(255) NOT NULL,
| |
| − | 'CLIENT_ID' varchar(255) NOT NULL,
| |
| − | 'CLIENT_SECRET' varchar(255) DEFAULT NULL,
| |
| − | 'REFRESH_TOKEN' longtext NOT NULL, (encrypted)
| |
| − | 'AUTHORIZATION_URL' varchar(255) NOT NULL,
| |
| − | 'TOKEN_URL' varchar(255) NOT NULL,
| |
| − | 'API_URL' varchar(255) NOT NULL,
| |
| − | PRIMARY KEY ('ID')
| |
| − | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
| |
| − | | |
| − | Note that some of the values, such as '''REFRESH_TOKEN''' and '''AUTHORIZATION URL''', are not provided by the Azure portal. See the next step to get them.
| |
| − | | |
| − | == Step 2: Get Authorization URL ==
| |
| − | The authorization URL is a one-time authorization code. Get one by using AUTHORIZATION as base URL, client ID (i.e., the application ID), client secret (i.e., key), redirect URL (i.e., “http://localhost”), and API_URL (e.g., “https://brightpatterndev.crm.dynamics.com/api/data/v9.0”).
| |
| − | | |
| − | Like this:
| |
| − | <base_url>?grant_type=client_credentials&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&response_type=code&redirect_url=http://localhost& scope=offline_access&resource=<API_URL>
| |
| − | | |
| − | For example:
| |
| − | https://login.microsoftonline.com/7f3b7d01-a049-4dfd-9dbd-d394e711c3a0/oauth2/authorize? grant_type=client_credentials&client_id=dc40e7c1-86fa-484e-a38b-bec0d31c945a&client_secret=uxjgDon7fWbis1ijuCDwPifHooG4BV2lVTUFRGVttt4%3D&response_type=code&redirect_url=http://localhost&scope=offline_access&resource=https://brightpatterndev.crm.dynamics.com
| |
| − | | |
| − | This will return a one-time-use code at redirect URL. This code should not be saved in the database; it is only used once to obtain a refresh token:
| |
| − | | |
| − | http://localhost/?code=<CODE>&session_state=XXX
| |
| − | | |
| − | Now use this code to obtain access and refresh token by issuing a HTTP POST request to the token URL (i.e., “http://localhost”) with the following body:
| |
| − | redirect_uri=http://localhost&client_id<CLIENT_ID>&client_secret<CLIENT_SECRET>&grant_type=authorization_code&code=<CODE>
| |
| − | | |
| − | In response, the token service will return the following JSON encoded data:
| |
| − | | |
| − | {
| |
| − | "token_type":"Bearer",
| |
| − | "scope":"user_impersonation",
| |
| − | "expires_in":"3599",
| |
| − | "ext_expires_in":"3599",
| |
| − | "expires_on":"1548192804",
| |
| − | "not_before":"1548188904",
| |
| − | "resource":"https://<your.instance.name>.crm.dynamics.com",
| |
| − | "access_token":"XXX",
| |
| − | "refresh_token":"YYY",
| |
| − | "id_token":"ZZZ"
| |
| − | }
| |
| − | | |
| − | You only need '''refresh_token'''. Store it to the '''REFRESH_TOKEN''' field in the Configuration DB table.
| |
| − | | |
| − | == Step 4: Get access token to let Scenario Engine and Workflow Engine use CRM Web API ==
| |
| − | The server components will use refresh token from configuration to obtain an access token first. Access tokens typically expire within 1 hour by default.
| |
| − | | |
| − | Issue HTTP POST request to the <TOKEN_URL> with the following body:
| |
| − | | |
| − | client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>
| |
| − | | |
| − | In response, the token service will return the following JSON encoded data:
| |
| − | | |
| − | {
| |
| − | "token_type":"Bearer",
| |
| − | "scope":"user_impersonation",
| |
| − | "expires_in":"3599",
| |
| − | "ext_expires_in":"3599",
| |
| − | "expires_on":"1548192804",
| |
| − | "not_before":"1548188904",
| |
| − | "resource":"https://example.crm.dynamics.com",
| |
| − | "access_token":"XXX",
| |
| − | "refresh_token":"YYY"
| |
| − | }
| |
| − | | |
| − | == Step 5: Use the access token ==
| |
| − | Use the access token from the previous step to work with '''API_URL'' by adding an Authorization HTTP header with the following value:
| |
| − | | |
| − | Authorization: Bearer <access_token>
| |
| − | | |
| − | Once the access token expires, repeat the process to get a new access token.
| |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | </translate>
| |
