User Review
( votes)In the previous post we covered Password and Client Credentials grant type, here we’d be looking at the Authorization Code Grant Type.
The Authorization Code Grant Type is for the Confidential Clients i.e. basically for the server side web applications that are written in server side language and source code is not available to the public. So these application can use client secret when requesting token with authorization server. We can also have Single-Page Apps, who have their entire source available to the browser, and that cannot maintain the confidentiality of the Client Secret, use the same flow for getting the authorization code and in the step when requesting for access token pass only the client id and authorization code without using client secret.
In Authorization Code Grant Flow
- The client application redirect the user agent to the Azure AD Authorization Endpoint.
Mainly it passes below values to the
| response_type | code |
| client_id | Application Id |
| redirect_uri | Redirect URI specified. |
To
- The user authenticates and consents the client application
- The Azure AD authorization endpoint redirects the user agent back to client application with an authorization code at the redirect URL (i.e. code query parameter)
- The client application uses this authorization code to request the access token from the authentication token endpoint by passing resource, client_id, grant_type = “authorization_code”, code and redirect_uri as shown below.
- The Azure AD issues the access token, which the client application can use to call the Web API.
For our sample code to work: –
First Register the Application with Azure Active Directory to get the ClientId.
Get the authorization and token end point. Navigate to Overview and click on Endpoint to get these endpoints.
Also specify a Redirect URI for the application.
Navigate to Authentication and select the suggested Redirect URI.
Below is the sample C# Code: –
static void Main(string[] args)
{
// Dynamics CRM Online Instance URL
string resource = "https://bankfabdemo.crm.dynamics.com"; // application id
var clientId = "eb17e844-adfc-4757-ba6d-5384108e184a"; // redirect URL
var redirectURI = "https://login.microsoftonline.com/common/oauth2/nativeclient"; // Authenticate the registered application with Azure Active Directory.
AuthenticationContext authContext =
new AuthenticationContext("https://login.microsoftonline.com/bd88124a-ddca-4a9e-bd25-f11bdefb3f18/"); AuthenticationResult authResult = authContext.AcquireToken(resource, clientId, new Uri(redirectURI));
var accessToken = authResult.AccessToken; // use HttpClient to call the Web API
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("OData-MaxVersion", "4.0");
httpClient.DefaultRequestHeaders.Add("OData-Version", "4.0");
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); httpClient.BaseAddress = new Uri("https://bankfabdemo.crm.dynamics.com/api/data/v9.0/"); var response = httpClient.GetAsync("WhoAmI").Result;
if (response.IsSuccessStatusCode)
{
var userDetails = response.Content.ReadAsStringAsync().Result;
} }
Within Postman :
Click on Request Token, login and give consent à
The token à
Hope it helps..
