Skip to content

Client Credentials Authorization flow

Tldr

  1. Prerequisite: a registered App in Microsoft Entra that has the correct permissions. Get the client_id, the client_secret, the redirect_uri and the scope from the app
  2. in the browser, call

    https://login.microsoftonline.com/common/oauth2/authorize?client_id={{client_id}}&response_type=code&redirect_uri={{redirect_uri}}&response_mode=query&prompt=consent
    

    replacing client_id and redirect_uriaccording to your App. You will receive an authorization code. You might need to remove the prompt=consent in case you don't have Admin rights and did not change the permission.

  3. in postman, POST

    https://login.microsoftonline.com/{{tenant}}/oauth2/v2.0/token
    

    providing the following form data:
    oauth-authorize-postman.png
    The scopes are:

    1. for azure: https://management.azure.com/.default offline_access
    2. for Power BI: https://analysis.windows.net/powerbi/api/.default offline_access
    3. for BC, the scope is: https://api.businesscentral.dynamics.com/.default
  4. the grant_type is authorization_code (NOTE: for BC this is client_credentials)

  5. copy the access_token and the refresh_token. Store the refresh_token in departments/delivery/knowledge-base/azure/key-vault/key-vault

In this flow, we don't have an authorization code. Instead