Invalid token generating from service-principal and secret based login method

0
votes
  1. Configured service principal and trying to use the token received from the method to hit customer insights API.

https://api.ci.ai.dynamics.com/v1/instances/{instanceId}/profilestore/stateinfo

Above API requires bearer token as header for authorization.

Token receiving from auth response is invalid and not accepting by Customer Insights API.

msRestNodeAuth.loginWithServicePrincipalSecretWithAuthResponse(clientId, secret, 
tenantId).then((authres) => {
console.dir(authres, { depth: null })
}).catch((err) => {
console.log(err);
});

enter image description here

  1. Also, tried the another method of getting access token using this endpoint Still the token we are receiving are not getting accepted by customer insights.

    'https://login.microsoftonline.com/'tenantid'/oauth2/v2.0/token';

1
azureazure-active-directorymicrosoft-dynamics
The resource in the response indicates the token is for Azure's ARM API. Can you somehow specify the resource/scope to that library? It needs to match the API you are trying to call. You could also try using MSAL.js instead of that library.juunas
if we give scope in azure app registration, it is not working and not able to send scope parameter in library. is there any approach or sample to specify the resource/scope. i am new to the azure.Rcg Zone

1 Answers

0
votes

Try to follow this article: https://docs.microsoft.com/en-us/dynamics365/customer-insights/audience-insights/apis

If you request the token with client credentials flow, it's need to add the application permission.

enter image description here

You could test in Postman using the scope(resource) https://azurecustomerinsights.com/.

POST https://login.windows.net/{tenant-id}/oauth2/token
Content-Type: application/x-www-form-urlencoded

client_id={}
&resource=https://azurecustomerinsights.com/
&client_secret={}
&grant_type=client_credentials

Server to Server via Client Credentials, see here:

var adal = require('adal-node').AuthenticationContext;

var authorityHostUrl = 'https://login.windows.net';
var tenant = 'myTenant';
var authorityUrl = authorityHostUrl + '/' + tenant;
var clientId = 'yourClientIdHere';
var clientSecret = 'yourAADIssuedClientSecretHere'
var resource = 'https://azurecustomerinsights.com/';

var context = new AuthenticationContext(authorityUrl);

context.acquireTokenWithClientCredentials(resource, clientId, clientSecret, function(err, tokenResponse) {
  if (err) {
    console.log('well that didn\'t work: ' + err.stack);
  } else {
    console.log(tokenResponse);
  }
});