Situation:

I have developed a webapp using Django which uses the default authentication middleware. All the views are login_required. Now the client wants that when he logs in to the CRM, the webapp will open in an iframe and he should be auto logged in inside the Django webapp as well.

Issues:

Opening the webapp inside an iframe in the CRM can be done. But how can the Django webapp create a session for the user logged in inside the CRM? Django uses its own authentication, the CRM uses its own. Even if I link Django authentication with Azure Active Directory, the username and password still have to be entered in the iframe. I cannot figure out how auto login will be done.

Update

I don't have a CRM screenshot with me, but I have the same use case in Microsoft Teams.

Now in this image my webapp is opened in a Teams tab, and from what I know tabs use an iframe to open the page. The username and password which are being asked for in the screenshot are validated by the Django authentication backend. Once the username and password are entered and verified, the dashboard will open.

Requirement:

I don't want this login page to be opened; I want the dashboard to open directly. In simple words, authenticating in Teams should authenticate my Django app as well.

In ROPC, username (userPrincipalName) and password are required; how will the Django webapp opened in an iframe access the username and password? I don't think that the client can simply store the password in the browser's local storage, as passwords are encrypted.

Second approach:

Right now the dashboard opens at www.example.com. I can create a URL like www.example.com/<id_token>/ and when this URL hits my server, I can validate this id_token and authenticate the user. But the question here is: does the CRM have the ability to provide an id_token in the iframe src?

P.S.: I don't have a Microsoft Dynamics screenshot with me, but I quickly implemented this in Teams, as I think the use case is the same.

Amandeep Singh
  • @JasonPan Thanks for the answer. I will try your approach and will surely accept it. I need to implement this. Thanks again for giving your time to this question. – Amandeep Singh Jan 14 '21 at 07:34
  • Thank you, you can try it first, you can contact me if you have any questions. – Jason Pan Jan 14 '21 at 07:36

1 Answer

Or you can use Microsoft identity platform and the OAuth 2.0 client credentials flow.

Post

1. 401- Unauthorized authentication using REST API Dynamics CRM with Azure AD

You can use ROPC flow to achieve this requirement.

I believe that any page opened by your iframe should have a parameter to record user information, right? Suppose it is an id token. When you open the page in your iframe, when the page is initialized, that is, in $(document).ready(function(){}), use ROPC flow to log in silently. There will be no pop-up window prompting you to log in. Wait for success; after that, the callback method will get the id token, so you can achieve your needs.

The above is just an idea, the specific implementation can be coded according to the needs of the project.

For more details, you can refer to my answers in the posts below.

1. Could I sign into embedded PowerApp via Microsoft LiveID Account “quietly”?

2. Is there a way to improve the performance of MSAL-browser js login?

3. How to tell if a user has an active Azure session, in html page, before SSO?

Jason Pan
  • Can you please check the update and guide me? From what I have studied, ROPC needs username and password; how will I access that? – Amandeep Singh Jan 14 '21 at 09:13
  • https://nishantrana.me/2019/08/23/connect-to-dynamics-365-web-api-using-oauth-2-0-resource-owner-password-credential-ropc/ – Jason Pan Jan 14 '21 at 09:19
  • @AmandeepSinghSawhney I have updated my answer, you can also choose according to your needs. – Jason Pan Jan 14 '21 at 09:26
  • @AmandeepSinghSawhney If my solution inspires or helps you, you can mark my answer as [accepted](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work), Tks~ – Jason Pan Jan 28 '21 at 09:05
  • Thanks for the answer, and I upvoted it as well, but it didn't solve my problem. Really thankful to you that you took your time out to help me out. – Amandeep Singh Jan 28 '21 at 09:06