PL-400: Perform authentication by using OAuth (Use platform APIs)

As technology advances, identity authentication has become a major challenge in computing. Modern business cannot be imagined without computers, software and data. Cloud computing is now extending that model, and technologists are trying to solve the authentication problem; in other words, they are trying to reach the right people at the right time. Authentication is not a new concept in the modern technology world.

Authentication is the process of recognizing a user's identity.


In April 2007, a group of talented people formed the OAuth Discussion Group and drafted a proposal for an open protocol, and gradually published a new open framework for identifying users. Today, the OAuth 2.0 framework is available for authentication.

OAuth stands for "Open Authorization".

OAuth 2.0 is a framework, not a protocol (as version 1.0 was), that allows third-party services to exchange user information without sharing the user's credentials. OAuth is a delegated authorization framework for REST APIs, which enables apps to have limited access to a user's data without providing the user's password.

Microsoft Dataverse uses OAuth 2.0 as its authorization standard. OAuth provides an industry-standard mechanism for authenticating client applications against a resource and for determining whether those applications are authorized to access it. Client applications must support OAuth to access data using the Web API. OAuth enables two-factor authentication (2FA) or certificate-based authentication for server-to-server application scenarios.

OAuth requires an identity provider for authentication. For Dataverse, the identity provider is Azure Active Directory (AAD). To authenticate with AAD using a Microsoft work or school account, use the Azure Active Directory Authentication Libraries (ADAL) or Microsoft Authentication Library (MSAL).



When we connect using OAuth, we must register an application in an Azure AD tenant and define the type of application. There are two types of applications we can register:

  • Web App/API: A type of client application that executes all code on a web server.
  • Native: A type of client application that is installed natively on a device.

When we select Web App/API, we must provide a Sign-On URL, which is the URL where Azure AD will send the authentication response, including a token if authentication was successful. While we develop an app, this is usually set to https://localhost/appname:[port] so we can develop and debug the app locally. When we publish the app, we need to change this value to the published URL of the app.
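The role of the Sign-On URL can be seen in the following added example, which is not code from the original post. It assumes the authorization code flow with PKCE against the Azure AD v2.0 authorize endpoint, where the response carries a code that the web server then exchanges for a token. The tenant, client ID, Dataverse organization URL and function names are constructed placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values (assumptions, not from the original post).
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
DATAVERSE_SCOPE = "https://yourorg.crm.dynamics.com/user_impersonation"
AUTHORIZE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"

def build_authorize_request(redirect_uri):
    """Return (url, state, code_verifier) for an authorization code request."""
    state = secrets.token_urlsafe(16)      # ties the response to this request
    verifier = secrets.token_urlsafe(48)   # PKCE secret kept by the app
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    params = {
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": redirect_uri, "scope": DATAVERSE_SCOPE,
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE}?{urlencode(params)}", state, verifier

def read_callback(callback_url, registered_redirect, expected_state):
    """Validate the response delivered to the Sign-On URL; return the code."""
    got, reg = urlsplit(callback_url), urlsplit(registered_redirect)
    if (got.scheme, got.netloc, got.path) != (reg.scheme, reg.netloc, reg.path):
        raise ValueError("response arrived at an unregistered URL")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no authorization code in response")
    return query["code"][0]

def check_redirect_for_release(redirect_uri):
    """List reasons a registered Sign-On URL is not ready for a published app."""
    url = urlsplit(redirect_uri)
    problems = []
    if url.scheme != "https":
        problems.append("not https")
    if url.hostname in ("localhost", "127.0.0.1"):
        problems.append("still localhost")
    return problems
```

Running `check_redirect_for_release` against the app registration before publishing catches a Sign-On URL that was left at its development value.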
