<translate>
Enable Data Access from Scenarios
This procedure describes how to enable (i.e., authenticate and authorize) Bright Pattern scenario blocks to be used with Dynamics 365 data via Microsoft's Web API.
Before proceeding, be sure to complete the Web API access configuration steps.
Step 1: Sign in to the Azure portal and get configuration values
The following configuration (Configuration DB table) will be needed by the Bright Pattern Scenario Engine in order to use the CRM Web API. These configuration values should be provided by the Azure portal.
CREATE TABLE 'ms_dynamics_365_data' (
'ID' varchar(255) NOT NULL,
'VERSION' bigint(20) DEFAULT NULL,
'DEFAULT_ACCOUNT' tinyint(1) NOT NULL DEFAULT '0',
'TENANT_ID' varchar(255) NOT NULL,
'NAME' varchar(255) NOT NULL,
'CLIENT_ID' varchar(255) NOT NULL,
'CLIENT_SECRET' varchar(255) DEFAULT NULL,
'REFRESH_TOKEN' longtext NOT NULL, (encrypted)
'AUTHORIZATION_URL' varchar(255) NOT NULL,
'TOKEN_URL' varchar(255) NOT NULL,
'API_URL' varchar(255) NOT NULL,
PRIMARY KEY ('ID')
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Note that some of the values, such as REFRESH_TOKEN and AUTHORIZATION URL, are not provided by the Azure portal. See the next step to get them.
Step 2: Get Authorization URL
The authorization URL is a one-time authorization code. Get one by using AUTHORIZATION as base URL, client ID (i.e., the application ID), client secret (i.e., key), redirect URL (i.e., “http://localhost”), and API_URL (e.g., “https://brightpatterndev.crm.dynamics.com/api/data/v9.0”).
Like this:
<base_url>?grant_type=client_credentials&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&response_type=code&redirect_url=http://localhost& scope=offline_access&resource=<API_URL>
For example:
https://login.microsoftonline.com/7f3b7d01-a049-4dfd-9dbd-d394e711c3a0/oauth2/authorize? grant_type=client_credentials&client_id=dc40e7c1-86fa-484e-a38b-bec0d31c945a&client_secret=uxjgDon7fWbis1ijuCDwPifHooG4BV2lVTUFRGVttt4%3D&response_type=code&redirect_url=http://localhost&scope=offline_access&resource=https://brightpatterndev.crm.dynamics.com
This will return a one-time-use code at redirect URL. This code should not be saved in the database; it is only used once to obtain a refresh token:
http://localhost/?code=&session_state=XXX
Now use this code to obtain access and refresh token by issuing a HTTP POST request to the token URL (i.e., “http://localhost”) with the following body:
redirect_uri=http://localhost&client_id<CLIENT_ID>&client_secret<CLIENT_SECRET>&grant_type=authorization_code&code=
In response, the token service will return the following JSON encoded data:
{
"token_type":"Bearer",
"scope":"user_impersonation",
"expires_in":"3599",
"ext_expires_in":"3599",
"expires_on":"1548192804",
"not_before":"1548188904",
"resource":"https://<your.instance.name>.crm.dynamics.com",
"access_token":"XXX",
"refresh_token":"YYY",
"id_token":"ZZZ"
}
You only need refresh_token. Store it to the REFRESH_TOKEN field in the Configuration DB table.
Step 4: Get access token to let Scenario Engine and Workflow Engine use CRM Web API
The server components will use refresh token from configuration to obtain an access token first. Access tokens typically expire within 1 hour by default.
Issue HTTP POST request to the <TOKEN_URL> with the following body:
client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>
In response, the token service will return the following JSON encoded data:
{
"token_type":"Bearer",
"scope":"user_impersonation",
"expires_in":"3599",
"ext_expires_in":"3599",
"expires_on":"1548192804",
"not_before":"1548188904",
"resource":"https://example.crm.dynamics.com",
"access_token":"XXX",
"refresh_token":"YYY"
}
Step 5: Use the access token
Use the access token from the previous step to work with 'API_URL by adding an Authorization HTTP header with the following value:
Authorization: Bearer <access_token>
Once the access token expires, repeat the process to get a new access token.
</translate>
< Previous | Next >