Client credentials grant
The authentication flow for the client credentials grant exchanges client credentials for the access token at the location specified by the Token URI (TokenURI) option. Web-based login and consent are not required.
Note: For the client credentials grant, you must create an application user on your Dynamics 365 web instance. See "Creating an application user for the client credentials grant" for details.
To configure the driver to use a client credentials grant:
* Set the Service URL (ServiceURL) option to the base URL of the Dynamics 365 instance to which you want to issue requests. For example, https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/.
* Set the Authentication Method (AuthenticationMethod) option to 24 (OAuth2). Since 24 (OAuth2) is the default, this value does not have to be specified in a connection URL used for OAuth 2.0 implementations.
* Set the Client ID (ClientID) option to specify the client ID key for your application.
* Set the Client Secret (ClientSecret) option to specify the client secret for your application.
Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
* Set the Token URI (TokenURI) option. The value of Token URI must begin with the POST command followed by the token URI or the endpoint used to exchange authentication credentials for access tokens. For example:
TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token
* Set the Scope (Scope) option when using the Microsoft Identity Platform (v2) to provision users and manage application access. Scope specifies an OAuth scope or a space-separated list of OAuth scopes that limit the permissions granted by an access token. The following example shows the scope for a Dynamics CRM instance.
Scope=https://mywebinstance.api.crm.dynamics.com/.default
Note: The /.default scope is embedded in every application. It refers to a static list of permissions configured on the application registration. Refer to Microsoft Identity Platform documentation for further details.
The following examples show the connection information required to establish a session using the client credentials grant.
Connection string
DRIVER=DataDirect 8.0 Microsoft Dynamics 365;
ServiceURL=https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/;
ClientID=29453d6f-6789-25gh-gd8g-44tk3c527831;ClientSecret=12a3=bCD/EfGh4Ijk+Lm5P67qR8s=//TuV+WXy1Zabcd;
TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token;
Scope=https://mywebinstance.api.crm.dynamics.com/.default;
odbc.ini file
[Microsoft Dynamics 365]
Driver=ODBCHOME/lib/ivdynamics36528.so
...
Description=DataDirect 8.0 MS Dynamics 365
...
ClientID=29453d6f-6789-25gh-gd8g-44tk3c527831
...
ClientSecret=12a3=bCD/EfGh4Ijk+Lm5P67qR8s=//TuV+WXy1Zabcd
...
TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token
...
Scope=https://mywebinstance.api.crm.dynamics.com/.default
...
ServiceURL=https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/
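Because the odbc.ini form above keeps ClientSecret in a plain-text file, a pre-deployment check of the data source entry is useful. The following is an added example, not part of the driver or its documentation: audit_dsn is a hypothetical helper, the sample values are constructed, and the https, scope-host and file-mode checks are assumptions layered on the page's TokenURI rule.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Constructed sample entry: TokenURI lacks the POST prefix; ID and secret are placeholders.
SAMPLE = """[Microsoft Dynamics 365]
ClientID=00000000-0000-0000-0000-000000000000
ClientSecret=EXAMPLE=secret/with+specials=
TokenURI=https://login.microsoftonline.com/common/oauth2/v2.0/token
Scope=https://mywebinstance.api.crm.dynamics.com/.default
ServiceURL=https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/
"""

def audit_dsn(path, dsn):
    """Return a list of findings for one data source section of an odbc.ini file."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep option names as written (ClientSecret, TokenURI)
    cp.read(path)
    opts = cp[dsn]
    findings = []
    # The page requires TokenURI to be "POST " followed by the token endpoint.
    method, _, url = opts.get("TokenURI", "").partition(" ")
    if method != "POST" or not url:
        findings.append("TokenURI must begin with POST followed by the token endpoint")
    elif urlsplit(url).scheme != "https":
        findings.append("TokenURI is not https: the client secret would be sent unencrypted")
    # Heuristic taken from the page's example: the scope sits on the ServiceURL host.
    scope_hosts = {urlsplit(s).hostname for s in opts.get("Scope", "").split()}
    if scope_hosts and scope_hosts != {urlsplit(opts.get("ServiceURL", "")).hostname}:
        findings.append("Scope host differs from ServiceURL host")
    # A secret stored in the file is only as protected as the file's permissions.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if opts.get("ClientSecret") and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"ClientSecret stored in a file with mode {mode:o}; restrict to 600")
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "odbc.ini")
        with open(path, "w") as f:
            f.write(SAMPLE)
        os.chmod(path, 0o644)  # readable by group and others, as many default installs are
        return audit_dsn(path, "Microsoft Dynamics 365")

if __name__ == "__main__":
    print("\n".join(demo()))
```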