oauth-2.0azure-active-directoryodatamicrosoft-dynamicsphp-curl
401 on OData call to D365FO
I'm trying to make an OData call to retrieve a D365FO data entity.
https://[root_URL]/data/CostGroups
When logged into D365FO in my browser, this call works.
- I'm working in PHP.
- I've registered my app in Azure Active Directory.
- I've provided my app the https://erp.dynamics.com/Connector.FullAccess API permission.
- I've registered my app in D365FO with a user that has admin privileges (the same user used for the successful browser call).
- I am able to acquire an authentication token.
- Its "aud" field is "https://erp.dynamics.com"
- Its "appid" field matches that of the app's Azure AD registration
- Its "roles" field includes only "Connector.FullAccess"
- I'm using curl in PHP to make the OData GET request. I use the URL listed above and my headers are
curl_setopt($curl, CURLOPT_HTTPHEADER, [
'Accept: application/json',
'OData-MaxVersion: 4.0',
'OData-Version: 4.0',
'Authorization: Bearer ' . $this->accessToken
]);
Response is "401 Unauthorized"
Does anyone know what's going wrong or how I can find more information about the failure? Is there anywhere in D365FO I can look for logs of my attempts?
Solution
The resource seems to be incorrect. It should be the base URL of the instance without the trailing '/'.
Your "aud" field is https://erp.dynamics.com. In this case, it should be your [root URL]. Like this:
Check your resource when you post a request to https://login.microsoftonline.com/[tenant ID]/oauth2/token.
- Error 400: invalid_scope with Postman and Google OAuth2
- Issues Adding SMTP.Send Permission to Azure Application for Office 365 SMTP
- PHP - How to get OAuth 2.0 Token
- UPS Outh Rating API return Invalid Authentication Information
- How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
- How to get Optum sandbox to authenticate with OAuth 2.0 using Java and okhttp
- Spring Boot redirection back to login page
- New Google place api using google OAuth, ask failed to refresh token
- Getting OAuth code challenge on loopback server
- How do I solve audience (aud) invalid claim error for downstream api service?
- oauth 2 parameters can only have a single value: scope
- #oauth2 security expressions on method level
- Calling spring authorization server OAuth2 REST endpoints
- Google AdWords API authorization raising AdsCommon::Errors::AuthError
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Passport - Node.js not returning Refresh Token
- AWS Cognito: Missing Scopes in Access Token with Custom UI and Device Remember Functionality for MFA
- Cross-client Google OAuth: Get auth code on iOS and access token on server
- How to generate GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET without a domain?
- Spring Gateway and OAuth
- OAuth Client Credential Flow - Refresh Tokens
- Django OAuth2 Authentication Failing in Unit Tests - 401 'invalid_client' Error
- Add OAuth authentication for HTTP request triggers
- OAuth2 implementation and user management Django
- How to enable a submit button if form fields are auto-filled by the browser using saved credentials on page load?
- AADSTS70000 Error When Requesting for Access Token
- Is storing an OAuth token in cookies bad practice?
- Spring OAuth2 client performs Back-Channel Logout with an expired ID token
- I/O error on GET request for "https://localhost/application/o/{name}/.well-known/openid-configuration": Connection refused
- Restrict Microsoft Azure App OAuth2.0 to Internal Users