OAuth - Azure AD


#1

Atanas,

I broke out RadZen today to try to connect to CDS\DynamicsCRMOnline but I had no luck with OAuth. It works fine in Postman with the exact same parameters, but RadZen hangs with a blank auth pop-up:

Both requests are the same except Postman encodes the query string:

Postman:

GET /common/oauth2/v2.0/authorize?response_type=token&state=&client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&scope=https%3A%2F%2Fadmin.services.crm.dynamics.com%2Fuser_impersonation&redirect_uri=http%3A%2F%2Flocalhost%3A8000 HTTP/1.1

RadZen:

GET /common/oauth2/v2.0/authorize?client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&response_type=token&redirect_uri=http://localhost:8000/&scope=https://admin.services.crm.dynamics.com/user_impersonation HTTP/1.1

The response is indeed the same for both: 302 with access_token=...

I compared this to your MSGraph example and don’t see any difference in the OAuth setup. I’ve tried every way I know of – both OAuth and Azure AD options in RadZen and all sorts of different app reg in Azure AD.

I cannot get it to work in RadZen, yet it does indeed work in Postman.

Any ideas how to troubleshoot?

PS: I also cannot get the following to work in RadZen although it does pick up the token in Postman (resource param provided instead of scope):

https://login.microsoftonline.com/common/oauth2/authorize?resource=https://org62bce5c9.crm.dynamics.com/&response_type=token&state=&client_id=51f81489-12ee-4a9e-aaae-a2591f45987d&scope=&redirect_uri=https%3A%2F%2Fcallbackurl

PSS: It would be nice if you could add a callback URL to the OAuth\AzureAD configuration. It seems RadZen assumes https://localhost:8000, correct?

PSS: I just restarted RadZen and now I get this:

Thanks in advance for your advice. Have a great weekend!
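
The two authorize requests quoted in the post above can be compared parameter by parameter once percent-encoding is removed. This is an added example, not part of the original post or Radzen's code; it assumes both requests go to login.microsoftonline.com (the host in the PS URL), and the function names are hypothetical.

```javascript
// Request targets copied verbatim from the post above.
const POSTMAN = "/common/oauth2/v2.0/authorize?response_type=token&state=&client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&scope=https%3A%2F%2Fadmin.services.crm.dynamics.com%2Fuser_impersonation&redirect_uri=http%3A%2F%2Flocalhost%3A8000";
const RADZEN = "/common/oauth2/v2.0/authorize?client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&response_type=token&redirect_uri=http://localhost:8000/&scope=https://admin.services.crm.dynamics.com/user_impersonation";

// Assumption: the host both requests were sent to.
const BASE = "https://login.microsoftonline.com";

// Percent-decode the query string into a Map of name -> list of values,
// so a repeated parameter is not silently collapsed into one.
function parseAuthorizeParams(requestTarget) {
  const params = new Map();
  for (const [name, value] of new URL(requestTarget, BASE).searchParams) {
    if (!params.has(name)) params.set(name, []);
    params.get(name).push(value);
  }
  return params;
}

// One entry per parameter whose decoded value differs between the requests.
// undefined means the parameter is absent; "" means present but empty.
function diffAuthorizeRequests(targetA, targetB) {
  const a = parseAuthorizeParams(targetA);
  const b = parseAuthorizeParams(targetB);
  const names = [...new Set([...a.keys(), ...b.keys()])].sort();
  const diffs = [];
  for (const name of names) {
    const va = a.has(name) ? a.get(name).join(" | ") : undefined;
    const vb = b.has(name) ? b.get(name).join(" | ") : undefined;
    if (va !== vb) diffs.push({ param: name, a: va, b: vb });
  }
  return diffs;
}

// Print the decoded differences (Postman value first, RadZen value second).
for (const d of diffAuthorizeRequests(POSTMAN, RADZEN)) {
  console.log(d.param, JSON.stringify(d.a), JSON.stringify(d.b));
}
```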


#2

Azure AD authentication has subtle differences from the OAuth standard. This is why Radzen has a separate kind of authentication supposed to handle Azure AD - it is the Azure AD option right after API Key.

Have you tried the official Radzen instructions for connecting to Dynamics CRM? Those are supposed to work.


#3

I did not see that article but yes I’ve tried the single tenant auth url with resource param. That too works in Postman but I get a blank pop-up in RadZen.


#4

What happens when you try the instructions from the Radzen documentation? The first step (enabling JS access for the Dynamics app) is crucial. Postman isn't a browser and doesn't need the JS access. Unfortunately one cannot build an application with Postman - only test HTTP requests that do not obey the same origin policy which browsers follow.


#5

Those instructions are the same for registering any app in AzureAD. Unless I’m missing something I did the same as I always do for SPAs. Implicit flow is true etc etc. I did not do anything with CORS though. Is that where Postman differs? I just wish there was a way to know what is failing in RadZen. I can see the token response so why the hang?


#6

We can't tell why the hang is happening until we reproduce it 🙂

I suggest you double check the Dynamics app registration steps. The app settings in the Azure portal should look like this:

CORS access is needed because browsers follow the same origin policy and will not make cross-domain HTTP requests from JavaScript unless the server supports CORS.

Then check your OData settings in Radzen. Should look like this:


#7

Thanks for your reply. My app Reg and OData settings match. I’ve tried dozens of times. Do I have to clear cache or close all browsers or something?

Maybe for CORS to work, you have to be using Adal.js, no?


#8

Radzen doesn't need Adal.js. Can you paste a screenshot of your OData settings from Radzen?


#9

This is a brand new app reg. The auth pops up, then I log in and it goes blank and hangs.


#10

I tried the settings from your original screenshot:

The login screen still appeared but displayed this error:



#11

Please paste the values from the configuration screen so I can try them locally:

Rest endpoint
ClientID
Authorization URL
Resource


#12


#14

Can you also temporarily give access to that resource to the atanas@radzen.com Live account? I want to try logging in to see what happens.


#15

Thanks again. Sent you creds via email.


#16

This turned out to be a regression in Radzen - Azure AD authentication stopped working in design time. We will release a hotfix soon.


#17

Thanks. Perhaps affecting this post as well.