Dynamics CRM 401 with token provided

3
votes

I'm working on a dynamics crm integration for a Single-Tenant Server-to-server authentication. This is required to obtain tokens invisibly as the data will be used to create customer facing ui.

Therefore I’m getting a token back from Azure using the client_credentials grant type. However when I attempt to use this token to access any dynamics endpoint (such as those documented here: https://msdn.microsoft.com/en-us/library/mt607871.aspx) All I get back is a 401 - access denied.

I’ve done the following:

  • Create an Azure application

  • Created and stored a key

  • Enabled permissions for Dynamics CRM online

I’ve seen some suggestion that I need a service user in the CRM itself to provide access, however when I try and create one the options described do not appear. (such as here: https://msdn.microsoft.com/en-us/library/mt790170.aspx#bkmk_ManuallyCreateUser )

Can you suggest any steps I might be missing here?

Heres a sample call using the token

{ method: 'GET',
url: 'https://<snip>/api/data/v8.2/accounts?$select=name&$top=3',
headers:
{ Authorization: 'Bearer <snip>',
Accept: 'application/json',
'OData-MaxVersion': '4.0',
'OData-Version': '4.0' }
}

EDIT: Please note that I am using node.js here and C# / .net based answers are probably not going to be massively helpful

1
node.jsazuredynamics-crm
creating the application user is required for "server to server" auth. What CRM version are you using and what role does your user have in CRM? - Matt Dearing
I am on version 8.2. At the moment I have no application user as when following the guide in the OP I seem to have no options to switch to the application user view. I am currently working with the administrator to work out if I have permission to take the action, but honestly just knowing where that option should be would be helpful at the moment. - tracer tong
Just to add the above, my own user has the roles system administrator and system customizer. I have read-write access and a professional licence. - tracer tong
Not sure why you can't create application users then. From CRM go to settings->security->Users. Flip the view from "Enabled Users" to "Application Users". Click the "New" button. When the user form loads change the form from "User" to "Application User" then you'll get the correct fields (like "Application Id"). - Matt Dearing

1 Answers

1
votes

Here is a post on how to configure server to server auth. Assuming you ran through all the steps except creating the application user, you can do so by:

  1. In CRM Navigate to Settings->Security->Users
  2. Change the view from "Enabled Users" to "Application Users"
  3. From the new user form change the form from "User" to "Application User".

enter image description here

You should now be able to create your application user.