1

I've developed a single page application (SPA) to perform CURD operation in Dynamic 365 from outside using JavaScript web API. For this I followed instruction form this URL

Application development link

All functionality is working fine but the problem is, it is redirecting to Dynamic 365 site for authentication purpose. But I want to skip this step which take me to the login page instead I want to pass the credential in API call so that I can skip the manual login part.

Vikash Jha
  • 67
  • 1
  • 7
  • Hi Vikash, I am also following same docs but not worked for me. Could you please share some articles/blogs on this ? Thanks in advance. – Bimal Grg Feb 04 '19 at 10:07

1 Answers1

1

The resource owner password credential(pass the password to acquire the token) is not recommend for this scenario for the security consideration.

The credentials should only be used when there is a high degree of trust between the resource owner and the client (e.g., the client is part of the device operating system or a highly privileged application), and when other authorization grant types are not available (such as an authorization code).

refer The OAuth 2.0 Authorization Framework

For the single page application, the implicit flow is recommend flow. Is there a special reason to avoid the users entering the credentials?

Community
  • 1
  • 1
Fei Xue
  • 14,369
  • 1
  • 19
  • 27
  • Because application will not executed by end users, it will be executed by cron to avoid manual process, that's why I am looking to skip redirection process. If any API is available then please suggest me. – Vikash Jha Aug 12 '17 at 10:23
  • Based on my understanding, there is no way to avoid this progress. If you were developing a demo service without user interaction, you can choose the client credentials flow or the resource owner password credentials flow. And you need to sure the environment is security not to leak the credentials. More detail you can refer these two links.[Using ADAL C# as Confidential User /Daemon Server /Server-to-Server - 401 Unauthorized](https://stackoverflow.com/questions/37454539/using-adal-c-sharp-as-confidential-user-daemon-server-server-to-server-401-u). – Fei Xue Aug 15 '17 at 07:15
  • [Dynamics 365 Online S2S Authentication - Full Explain](http://phuocle.net/crm/dynamics-365-online-s2s-authentication-full-explain.aspx) – Fei Xue Aug 15 '17 at 07:15