Business Central OAuth2.0 Authentication – Access granted by Token
OAuth2 authentication method, this type of connection can be used to connect to Business Central Admin APIs; the system to access the exposed APIs services uses a token issued by the access procedure, it is possible to use different ways to get the token released.
How to retrieve tokens…
In recent development courses (about 50 people) we showed how to get the tokens from Powershell, C#, PHP, OpenID and other systems. Microsoft is working on these things (hot topic) providing ready-made examples of various kinds, now also on the service to service access (from 18.3)
In our case, however, I want to illustrate how it is possible to use Microsoft AL directly and through an AL Codeunit to retrieve and manage the token to update the APP from the Marketplace.
The example APP uses the HUB \ Environments management to store the access credentials and obtain the tokens needed to call the APIs (it’s just an example … beware of security!, use in Sandboxes!)
My Old Post
General link for access to the ADMIN APIs: This link does not indicate the general root that it is https://api.businesscentral.dynamics.com/
ADMIN APIs – used in our example
- availableUpdates Retrieve all available updates available
- Update Launch Apps Update
List of updates available for APPs with “GET”
Launch of APP updates with “POST”
Since the second call is a POST I have to pass parameters in the body of the call which are the following:
“useEnvironmentUpdateWindow“: false/true, // If set to true, the operation will be executed only in the environment update window. It will appear as “scheduled” before it runs in the window.
“targetVersion“: “188.8.131.52”, // Always required. There’s no option to update to the latest. You have to first do a “availableAppUpdates”, call then use the version here.
“installOrUpdateNeededDependencies“: false/true, // Value indicating whether any other app dependencies should be installed or updated; otherwise, information about missing app dependencies will be returned as error details
OAuth 2.0 Gettoken in AL Codeunit – EXAMPLE
Update all updatable apps in one step
SCENARIO “AS IS” – many Apps to Update
Put Credentials (and use)
Create a table to store the access credentials: “XXXXX SANDBOX” is the key of the instance to be updated; the token will be generated to log in with OAuth2.
How the procedure “update apps” works:
- Generate the TOKEN
- Download the list of apps where an update exists
- Get appID and version from the list above with call GET
- Sequentially launch all the updates with a POST type CALL where in the body of the call there are some parameters including the new version and if it should install the dependencies and other things.
Example of Configuration:
TEST “Up to date” status for ALL APPS in Admin Console
Once this is done go to the Admin Console panel and check if the updates have started, you can see that they have actually been launched (ALL is “Up to Date”)
GET TOKEN FROM AL CODEUNIT
OAuth2.AcquireTokensWithUserCredentials(MicrosoftOAuth2Url, Client_Id, Scopes, UserEmail, pwd, AccessToken, idToken);
In the codeunit below you will find how to generate and use the Token, then find under the APP published on GitHub.
Certainly nothing more \ or better than Microsoft is already doing these days, but it could be useful to use it.
After acquiring the token, we proceed to update the APPs declared by the list as “updatable” through a loop
Ready to use APP is on GITHUB
GET TOKEN BY POWERSHELL
$token = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($ctx, “https://api.businesscentral.dynamics.com”, <Application ID>, $cred).GetAwaiter().GetResult().AccessToken
My Old Post
Microsoft BCTech –AdminCenterAPI
Microsoft standard Samples
BUSINESS CENTRAL ADMIN CENTER