The credentials provided are incorrect BC Oauth 2 (with token)

James French 11 Reputation points
2021-05-19T18:08:36.73+00:00

Hello Experts, I am looking for some assistance with a problem I am having. Admittedly I am quite new to trying to use APIs with BC and Postman. I was following the guide from this document: https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-develop-connect-apps#exploring-the-apis-with-postman-and-aad-authentication

Specifically the part about using Postman with Azure AD authentication. while following the steps I was able to successfully generate a token after that I tried to use Postman to GET: https://api.businesscentral.dynamics.com/v2.0/MyEnvironment/api/v2.0

But I am seeing the Credentials Provided are incorrect. Since I was able to successfully obtain a token I thought everything went well but it seems it did not.

I know this issue is similar to https://learn.microsoft.com/en-us/answers/questions/282601/oauth-20-client-credential-grant-for-dynamics-365.html

But I followed those steps (enabled the additional permissions on my app and had the permissions granted by admin). When I navigate to jwt.ms I do not see a section that says "Roles" like indicated in the screenshot so maybe that is something that is wrong in my scenario?

I'm not quite sure where to go to troubleshoot, or what steps to follow from here and any advice would be appreciated.

Thanks for your time.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,718 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,236 Reputation points
    2021-05-20T08:56:34.757+00:00

    Hi @James French · Thank you for reaching out.

    Could you please check if the permissions added are Application permissions and not delegated permissions.

    If permissions are not being displayed under application permissions blade, make sure to update the app manifest to define the roles as shown below:

    "appId": "8763f1c4-0000-0000-0000-158e9ef97d6a",  
    "appRoles": [  
        {  
          "allowedMemberTypes": [  
            "Application"  
          ],  
          "displayName": "ConsumerApps",  
          "id": "47fbb575-0000-0000-0000-0f7a6c30beac",  
          "isEnabled": true,  
          "description": "Consumer apps have access to the consumer data.",  
          "value": "Consumer"  
        }  
      ],  
    "availableToOtherTenants": false,  
    

    Also, make sure the scope that you use in the authentication request is https://api.businesscentral.dynamics.com/.default

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

  2. James French 11 Reputation points
    2021-05-20T13:13:10.137+00:00

    Hello Amanpreet, just to confirm this screenshot you are showing is like the Manifest file from Azure correct? I see my granted permissions are application for App_Access and AutomationReadWriteAll and delegated for the rest. However my Manifest file does not look the way yours does, perhaps I am missing something there after all, I will see what values look different on my end and try to tinker with them a bit.

    My manifest file has AppRoles as being blank, whereas you have it like this "appRoles": [
    {
    "allowedMemberTypes": [
    "Application"
    ],
    I will try to make this change. I will mark as correct if this ends up being the solution. Thanks for your assistance.

    EDIT: When making the change to add AllowedMemberTypes Application I see this error Error detail: The property 'AllowedMemberTypes' does not exist on type 'Microsoft.DirectoryServices.AppRole'.