User Review
( votes)The ROPC grant type should only be used in scenario when the Client application is absolutely trusted with user credentials and when redirect based flow are not possible. It was introduced for the Legacy Application for quick migration and is now more or less considered obsolete by OAuth Working group, and ideally should not be used.
In this flow, User enters his credentials (username and password) in the client application, when is then sent to Token Endpoint of the Authorization Server for Access Token request. The client application then gets the access token and call/request the protected resources (Web API) and get response. Here we remove the user from the authorization process and are not using the Authorization endpoint at all. The apps using this flow will lose the benefits of multi-factor authentication MFA and Single Sign-On.
Request à
client_id | Client id of the app registered in Azure Active Directory.
We can also use the default client id – “2ad88395-b77d-4561-9441-d0e40824f9bc” – which is setup against Dynamics 365 Online instances. https://www.crmviking.com/2017/08/piggybacking-on-msdyn365.html |
username | User’s username |
password | User’s password |
grant_type | password |
resource | Dynamics 365 URL |
Sample C# Code à
Create the console application and add the following Nuget Package
static void Main(string[] args) { // Dynamics CRM Online Instance URL string resource = "https://bankfabdemo.crm.dynamics.com"; // ID of the Application Registered // "2ad88395-b77d-4561-9441-d0e40824f9bc" - Default Client Id which is setup against Dynamics 365 Online instances. string clientId = "2ad88395-b77d-4561-9441-d0e40824f9bc"; // username and password of the user UserCredential userCrendential = new UserCredential("nishantrana@bankfabdemo.onmicrosoft.com", "*******"); // Authenticate the registered application with Azure Active Directory. // Token URL - https://login.microsoftonline.com/common/oauth2/token AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/common"); AuthenticationResult authResult = authContext.AcquireToken(resource, clientId, userCrendential); var accessToken = authResult.AccessToken; // use HttpClient to call the Web API HttpClient httpClient = new HttpClient(); httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0"); httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0"); httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); httpClient.BaseAddress = new Uri("https://bankfabdemo.crm.dynamics.com/api/data/v9.0/"); var response = httpClient.GetAsync("WhoAmI").Result; if (response.IsSuccessStatusCode) { var userDetails = response.Content.ReadAsStringAsync().Result; } }
The result: –
Inside Fiddler à
Hope it helps..