OAuth - Azure AD

joshbooker · January 25, 2019, 10:08pm

Atanas,

I broke out RadZen today to try to connect to CDS\DynamicsCRMOnline but I had no luck with OAuth. It works fine in Postman with the exact same parameters, but RadZen hangs with an blank auth pop-up:

Both requests are the same except Postman encodes the query string:

Postman:

GET /common/oauth2/v2.0/authorize?response_type=token&state=&client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&scope=https%3A%2F%2Fadmin.services.crm.dynamics.com%2Fuser_impersonation&redirect_uri=http%3A%2F%2Flocalhost%3A8000 HTTP/1.1

RadZen:

GET /common/oauth2/v2.0/authorize?client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&response_type=token&redirect_uri=http://localhost:8000/&scope=https://admin.services.crm.dynamics.com/user_impersonation HTTP/1.1

The response is indeed the same for both: 302 with access_token=...

I compared this to your MSGraph example and don’t see any difference in the OAuth setup. I’ve tried every way I know of – both OAuth and Azure AD options in RadZenand all sorts of different app reg in Azure AD.

I cannot get it to work in RadZen, yet it does indeed work in Postman.

Any ideas how to troubleshoot?

PS: I also cannot get the following to work in RadZen although it does pickup token in Postman (resource param provided instead of scope)

https://login.microsoftonline.com/common/oauth2/authorize?resource=https://org62bce5c9.crm.dynamics.com/&response_type=token&state=&client_id=51f81489-12ee-4a9e-aaae-a2591f45987d&scope=&redirect_uri=https%3A%2F%2Fcallbackurl

PSS: It would be nice if you could add a callback URL to the OAuth\AzureAD configuration. It seems RadZen assumes https://localhost:8000, correct?

PSS: I just restarted RadZen and now I get this:

Thank in advance for your advice. Have a great weekend!

korchev · January 26, 2019, 7:51am

Azure AD authentication has subtle differences from the OAuth standard. This is why Radzen has a separate kind of authentication supposed to handle Azure AD - it is the Azure AD option right after API Key.

Have you tried the official Radzen instructions for connecting to Dynamics CRM? Those are supposed to work.

joshbooker · January 26, 2019, 2:32pm

I did not see that article but yes I’ve tried the single tenant auth url with resource param. That too works in Postman but get blank pop up in RadZen.

korchev · January 26, 2019, 3:01pm

What happens when you try the instructions from the Radzen documentation? The first step (enabling JS access for the Dynamics app) is crucial. Postman isn't a browser and doesn't need the JS access. Unfortunately one cannot build an application with Postman - only test HTTP requests that do not obey the same origin policy which browsers follow.

joshbooker · January 26, 2019, 3:12pm

Those instructions are the same for registering any app in AzureAD. Unless I’m missing something I did the same as I always do for SPAs. Implicit flow is true etc etc. I did not do anything with CORS though. Is that where Postman differs? I just wish there was a way to know what failing in RadZen. I can see the token response so why the hang?

korchev · January 26, 2019, 3:48pm

We can't tell why the hang is happening until we reproduce it

I suggest you double check the Dynamics app registration steps. The app settings in the Azure portal should look like this:

CORS access is needed because browsers follow the same origin policy and will not make cross-domain HTTP requests from JavaScript unless the server supports CORS.

Then check your OData settings in Radzen. Should look like this:

joshbooker · January 26, 2019, 4:05pm

Thanks for your reply. My app Reg and OData settings match. I’ve tried dozens of times. Do I have to clear cache or close all browsers or something?

Maybe for CORS to work, you have to be using Adal.js, no?

korchev · January 26, 2019, 4:12pm

Radzen doesn't need Adal.js. Can you paste a screenshot of your OData settings from Radzen?

joshbooker · January 26, 2019, 4:27pm

This is a brand new app reg. the auth pops up then I login and it goes blank and hangs.

korchev · January 26, 2019, 4:29pm

I tried the settings from your original screenshot:

The login screen still appeared but displayed this error:

.

korchev · January 26, 2019, 4:33pm

Please paste the values from the configuration screen so I can try them locally:

Rest endpoint,
ClientID,
Authorization URL
Resource

joshbooker · January 26, 2019, 4:34pm

korchev · January 26, 2019, 4:37pm

Can you also temporarily give access to that resource to the atanas@radzen.com Live account? I want to try logging in to see what happens.

joshbooker · January 26, 2019, 4:56pm

Thanks again. Sent you creds via email.

korchev · January 28, 2019, 9:25am

This turned out to be a regression in Radzen - Azure AD authentication stopped working in design time. We will release a hotfix soon.

joshbooker · January 28, 2019, 1:55pm

Thanks. Perhaps affecting this post as well.

Andrew_Mee · September 3, 2022, 9:03am

Was there a fix for this as I get the same issue trying to connect to Dynamics, and postman works fine.