I broke out RadZen today to try to connect to CDS\DynamicsCRMOnline but I had no luck with OAuth. It works fine in Postman with the exact same parameters, but RadZen hangs with an blank auth pop-up:
Both requests are the same except Postman encodes the query string:
Postman:
GET /common/oauth2/v2.0/authorize?response_type=token&state=&client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&scope=https%3A%2F%2Fadmin.services.crm.dynamics.com%2Fuser_impersonation&redirect_uri=http%3A%2F%2Flocalhost%3A8000 HTTP/1.1
RadZen:
GET /common/oauth2/v2.0/authorize?client_id=55342314-c2d4-48a5-a72a-4ad90803d4a0&response_type=token&redirect_uri=http://localhost:8000/&scope=https://admin.services.crm.dynamics.com/user_impersonation HTTP/1.1
The response is indeed the same for both: 302 with access_token=...
I compared this to your MSGraph example and don’t see any difference in the OAuth setup. I’ve tried every way I know of – both OAuth and Azure AD options in RadZenand all sorts of different app reg in Azure AD.
I cannot get it to work in RadZen, yet it does indeed work in Postman.
Any ideas how to troubleshoot?
PS: I also cannot get the following to work in RadZen although it does pickup token in Postman (resource param provided instead of scope)
Azure AD authentication has subtle differences from the OAuth standard. This is why Radzen has a separate kind of authentication supposed to handle Azure AD - it is the Azure AD option right after API Key.
I did not see that article but yes I’ve tried the single tenant auth url with resource param. That too works in Postman but get blank pop up in RadZen.
What happens when you try the instructions from the Radzen documentation? The first step (enabling JS access for the Dynamics app) is crucial. Postman isn't a browser and doesn't need the JS access. Unfortunately one cannot build an application with Postman - only test HTTP requests that do not obey the same origin policy which browsers follow.
Those instructions are the same for registering any app in AzureAD. Unless I’m missing something I did the same as I always do for SPAs. Implicit flow is true etc etc. I did not do anything with CORS though. Is that where Postman differs? I just wish there was a way to know what failing in RadZen. I can see the token response so why the hang?
CORS access is needed because browsers follow the same origin policy and will not make cross-domain HTTP requests from JavaScript unless the server supports CORS.
Then check your OData settings in Radzen. Should look like this: