Implementing OData API authorisation in Business Central v17.x (Part 2 integration with Xamarin)

ODATA

Good news: the medieval webkey authentication for Business Central API has finally been deprecated.

In this first article I presented a little overview of the secure and modern OAuth protocol with a “delegated permission” sample.

In this article I describe an “Application permissions” implementation for an application that runs as a background service or daemon without a signed-in user. I am going to describe how I refactored an existing Xamarin mobile application that is currently directly getting and posting data to Business Central APIs.

IT’S TIME TO MOVE TO AZURE

Login in Azure Portal https://portal.azure.com/ , go to “All Services”, search “App Registration” and select “App registrations” list item.

Create a new registration.

Configure your application registration name and the redirect URI As Web with the URL “https://businesscentral.dynamics.com/”.

Or even better “https://businesscentral.dynamics.com/OAuthLanding.htm

Note down the “Application (client) ID” GUID, this is the “CLIENT ID” we are going to use in Insomia.

Select “API permission” blade,

Configure as in picture, this time we are going to use a different kind of permissions: “Application permission”.

Go the “Certificate and secrets” blade.

Add a new “Client secret”

The “Client secret” and “Secret ID” will be generated,

Please notice that the “Client secret” is shown in clear text ONLY after the first generation and it will NEVER EVER be shown again. If lost you will need to generate a new one. There is not way to recover an existing “Client secret”.

Copy the “Value”, we are going to use it in Insomia as “CLIENT SECRET”.

TEST WITH INSOMNIA

Here are all mandatory parameters to make an OATH request:

Token-Name: Give the appropriate Token Name
Grant Type: Authorization Code

Callback URL: https://businesscentral.dynamics.com/

Auth URL:
https://login.windows.net/<tenant_id>/oauth2/authorize?resource=https://api.businesscentral.dynamics.com
Access Token URL:
https://login.windows.net/<tenant_id>/oauth2/token?resource=https://api.businesscentral.dynamics.com

Client ID: Client ID as in “ID” column in azure
Client Secret: Client Secret Value as in “Value” column in azure.

By using Insomnia you easily test the API:

The well known Microsoft Azure AD web page appears asking for the username.

And the password.. and it’s done.

XAMARIN SOURCES

Will post in a couple of days a sample Xamarin App that gets a list of customers from BC17x API by using OData authorisation. Stay tuned.

SOURCES

Olisterr Tech blog

https://www.olisterr.tech/2020/12/setting-up-oauth-authentication-for.html

Arend-Jan Kauffmann

How to Authenticate Through Azure Active Directory (AAD) to Use Microsoft Dynamics 365 Business Central API: https://www.1clickfactory.com/blog/how-to-authenticate-through-azure-active-directory-to-use-business-central-api/

OAuth Explained with Xamarin.Forms: https://www.codementor.io/@ravitejalingineni/oauth-explained-with-xamarin-forms-q2zomkhda

Adding Auth to your Xamarin.Forms App – Part 2: https://www.heyraviteja.com/post/projects/xam-forms-oauth-part2/

LAST UPDATED

25th of December, 2020

One thought on “Implementing OData API authorisation in Business Central v17.x (Part 2 integration with Xamarin)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s