Hello dev community
we are implementing a forge oauth2 provider against MS Dynamics CRM.
Sofar for it is possible to connect the forge provider with
microsoftonline.com/.../oauth2/../token etc. and get the profile info .
BUT we need a scope to access the CRM and with this scope it’s not possible to obtain the profile from
graph.microsoft.com or are we missing something here ?
Any hint would be great to point us in the right direction before we say, it’s not possible to do.
We can only get one scope (-> audience) but need two, so it’s not possible.
Thank you everybody and have a nice day out there
March 10, 2023, 11:18am
I’ve worked with the Microsoft Graph in the past and
remember having to build an OAuth authorize URL like this:
Note that with the MS Graph, you can just add the correct scope when you build the authorize URL.
So, back to MS Dynamics CRM…
From reading this:
I can see that the authorize URLis:
And the scope used in the example is
https://your-instance.crm6.dynamics.com/user_impersonation. This will likely be different for every tenant (of Forge and MS Dynamics CRM).
I hope this helps.
thank you for this detailed explanations.
All what you write is correct, but it does not help to solve the issue that I need to get a token thats let me access the graph api to get the user profile and then use this token to access MS Dynamics CRM. It looks like this is what the forge provider module does. I can either access MS Dynamics CRM OR MS Graph, but for the forge provider I need the Graph scope to get the profile and therefore can then not access the Dynamics CRM with that scope.
This is my problem, if this is doable with forge provider, maybe it is not.
Thank you in advance,
March 10, 2023, 12:27pm
@BenjaminCJohn yeah, sorry no help with Forge, but hopefully a little with MS Graph.
My guess is that you’ll need to roll your own auth and save to forge storage. You may even need Connect on Forge so that you can ensure ownership of the host for the redirect url