microsoft / AL

Home of the Dynamics 365 Business Central AL Language extension for Visual Studio Code. Used to track issues regarding the latest version of the AL compiler and developer tools available in the Visual Studio Code Marketplace or as part of the AL Developer Preview builds for Dynamics 365 Business Central.
MIT License

OAuth 2 authorization flow on SaaS: missing customisation options #5976

Closed charlespockert closed 4 years ago

charlespockert commented 4 years ago

From what I can understand, it's not possible to initiate an OAuth2 authorization flow from BC and provide additional parameters such as scope etc.

For example, to access any Google services you need to provide a scope parameter to the OAuth 2 auth call.

All of the methods of calling OAuth2 within BC SaaS are either marked as not usable for extension development or are missing functionality that allows authentication with providers other than Microsoft.

I'd like to be able to auth with some Google services and have BC handle the redirect - obviously this can't happen if I can't get a popup or redirect and receive any URL parameters - from what I can see it looks like when you use the OAuth2 system codeunit it opens a child window and monitors the URL for the redirect; this would be ideal, however the Google services complain about the above.

Is there any way to do this? If not it would be useful to add it.

AndreyKorepanov commented 4 years ago

Thank you for reaching out. Your suggestion seems to be a question about existing functionality. Please reach out to Business Central Community Forum to ask questions: https://community.dynamics.com/business/f/dynamics-365-business-central-forum

charlespockert commented 4 years ago

@AndreyKorepanov unfortunately it's not existing functionality because it doesn't appear to be available in BC SaaS.

There are plenty of options for authenticating with BC coming inwards from another service since you usually have full control over the authentication mechanism and application.

BC, however, does not allow you to open windows, get URL parameters, etc., so you cannot possibly initiate an OAuth2 flow in SaaS without using the basic stuff that's already there, which I can't seem to get to work anyway.

There is no documentation on how to use the OAuth2 module and it doesn't appear to allow you to get an auth code, only exchange a code for a token.

I ended up using the "limited input device" auth flow (since BC is so limited) and manually rolling all my HTTP requests since that at least allowed a user to open a link.

Details here:

https://developers.google.com/identity/protocols/oauth2/limited-input-device

This works well, but this won't be available in all OAuth2 scenarios (other services may not support such a flow).

Also, I'm sure others will agree, those forums are not very fun to use (come on, there's not even a search function) and don't get looked at much in my experience.
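The "limited input device" flow mentioned in the comment above, as an added example that is not part of the original thread and is written in Python rather than AL so it can run offline. The endpoint, grant type and field names follow the linked Google page and RFC 8628; `device_flow`, `FakeGoogle`, `demo`, the `post(url, form)` transport signature and all credential values are assumptions made for illustration.

```python
import time

DEVICE_URL = "https://oauth2.googleapis.com/device/code"
TOKEN_URL = "https://oauth2.googleapis.com/token"
GRANT = "urn:ietf:params:oauth:grant-type:device_code"

class DeviceFlowError(Exception):
    """Terminal failure: user denied, code expired, bad client, ..."""

def device_flow(post, client_id, client_secret, scope, show, sleep=time.sleep, now=time.monotonic):
    """post(url, form) -> dict is the caller's own HTTP layer (hypothetical signature)."""
    grant = post(DEVICE_URL, {"client_id": client_id, "scope": scope})
    show(grant["verification_url"], grant["user_code"])  # Google names the field verification_url
    interval = grant.get("interval", 5)                  # RFC 8628 default when absent
    deadline = now() + grant["expires_in"]
    while now() < deadline:
        sleep(interval)
        reply = post(TOKEN_URL, {"client_id": client_id, "client_secret": client_secret,
                                 "device_code": grant["device_code"], "grant_type": GRANT})
        err = reply.get("error")
        if err is None:
            return reply                 # access_token, refresh_token, expires_in, ...
        if err == "slow_down":
            interval += 5                # RFC 8628 section 3.5: back off by 5 seconds
        elif err != "authorization_pending":
            raise DeviceFlowError(err)   # access_denied, expired_token, invalid_client, ...
    raise DeviceFlowError("device code expired before the user approved")

class FakeGoogle:
    """Constructed stand-in for the authorization server so the example runs offline."""
    def __init__(self, script):
        self.script, self.calls = list(script), []
    def post(self, url, form):
        self.calls.append((url, dict(form)))
        if url == DEVICE_URL:            # constructed sample response
            return {"device_code": "dev-123", "user_code": "ABCD-EFGH",
                    "verification_url": "https://www.google.com/device",
                    "expires_in": 1800, "interval": 5}
        return self.script.pop(0)        # next scripted token-endpoint reply

def demo(script):
    """Run the flow against FakeGoogle on a simulated clock; returns (result, waits, server)."""
    server, waits, shown = FakeGoogle(script), [], []
    result = device_flow(server.post, "my-client-id", "my-secret", "email",
                         lambda url, code: shown.append((url, code)), waits.append, lambda: sum(waits))
    return result, waits, server

if __name__ == "__main__":
    print(demo([{"error": "authorization_pending"}, {"access_token": "tok"}])[1])
```

In a real client the returned tokens and the client secret should be kept out of logs and stored only where the platform's secret storage allows.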