I'm trying to connect to Microsoft Dynamics Marketing OData Data Service. This page lists the OData feeds for ready-only access, but does not have any information about how to authenticate against it.
I have been trying to acquire an Access Token using Microsoft.IdentityModel.Clients.ActiveDirectory -Version 1.0.4 like this:
var authenticationContext = new AuthenticationContext("https://login.windows.net/" + domainName);
var authenticationResult = authenticationContext.AcquireToken(resource, clientId, redirectUri);
var token = authenticationResult.AccessToken;
The domainName
is like contoso.onmicrosoft.com
but I do not know what to use for the clientId
, redirectUri
, resource
.
I have tried many different combinations and have had errors such as:
invalid_request: AADSTS90027: The client 'xxxxxxxx-9068-486b-bdd2-dac26b8a5a7a' and resource 'Microsoft.DynamicsMarketing' identify the same application.
and
access_denied: AADSTS65005: The client application has requested access to resource 'Microsoft.DynamicsMarketing'. This request has failed because the client has not specified this resource in its requiredResourceAccess list.
I think I am close with this. I have registered an application in Azure AD as a Native Client App and used its clientId
and redirectUri
with Microsoft.DynamicsMarketing
as the resource. I found this from the Service Principal listing, Get-MsolServicePrincipal
using the "Windows Azure Active Directory Module for Windows PowerShell".
Are these the correct parameters and I just need to sort out permission some how or am I way off?
Update
The correct resource
is https://marketing-infra.dynamics.com/
which is one of the service principal names listed as is the previous one I used Microsoft.DynamicsMarketing
. This works with the clientId
and redirectUri
that I captured from Fiddler from Power Query. I am pretty certain that to get it working with my clientId I need to give Dynamics Marketing permissions in the Azure Application Registration, "permissions to other applications". The problem is Dynamics Marketing is not an application that is available to add and the Dynamics CRM delegate permissions does not have a role for Dynamics Marketing.
I got the answer from Microsoft that clients other then Power Query are not supported. So the code I have above is correct and there is not yet support for adding permission to access it with other applications.