I am trying out implicit flow using adal js. I have created a dynamics 365 trial instance and under the Azure AD of that instance I have created an app registration. My single page application does the following,
When the user tries go to the home page, it redirects the user to https://login.microsoftonline.com/common/oauth2/authorize where the user successfully logs in.
After the log in I am using the getToken to get the token from the adal service class.
import {AuthenticationContext, withAdalLogin} from 'react-adal';
import ProjectConstant from './data/projectconstant'
export const authContext = new AuthenticationContext(ProjectConstant.adalSet);
export const acquireToken = (func) =>
authContext.acquireToken(ProjectConstant.adalSet.endpoints.api, func);
export const getToken = () =>{
let token = authContext.getCachedToken(ProjectConstant.adalSet.clientId);
if(authContext.getCachedUser() == null || token == null){
authContext.login();
}
return authContext.getCachedToken(ProjectConstant.adalSet.clientId);
}
export const withAdalLoginApi = withAdalLogin(authContext, ProjectConstant.adalSet.endpoints.api);
I use this token to perform a query against the trial dynamics 365 instance and I am given 401 error the code that does the fetch is below,
export const SearchAccount = () =>{
var token = getToken();
console.log("Token is" + token );
let url = "<trial>/api/data/v9.0/accounts";
fetch(url, {
method: 'get',
headers: new Headers({
'Authorization': 'Bearer '+ token,
'Accept' : 'application/json',
//'Cache-Control' : 'no-cache',
'Content-Type': 'application/json; charset=utf-8',
'OData-MaxVersion' : '4.0',
'OData-Version' :'4.0',
})})
.then(result => console.log(result));
}
I can use a different browser and after I log in to the trial instance physically, I can copy paste the same url above in a different tab and it shows all the data normally. however if i do the same thing on the browser where the app is running, I get 401 on the new tab.
I can also use postman by following these steps, https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/webapi/setup-postman-environment and be presented with data.
The app (user) has correct level of privilege in the instance. The only thing that is different in each three conditions is the token I have generated but if the token is wrong should I not get a forbidden error? I am not sure what am i doing wrong