I was able to set up adal4j and a service-to-service OAuth authentication and successfully retrieve an access token using the access token authority uri https://login.windows.net/$tenantId/oauth2/token.
Here's what the acquire token process looks like:
import java.util.concurrent.Executors
import com.microsoft.aad.adal4j.{AuthenticationContext, ClientCredential}
val executor = Executors.newSingleThreadExecutor() // ExecutorService that adal4j runs the token request on
val context = new AuthenticationContext(s"https://login.windows.net/$tenantId/oauth2/token", true, executor) // s-interpolator so $tenantId is actually substituted
val creds = new ClientCredential("CLIENT_ID", "CLIENT_SECRET")
val result = context.acquireToken("https://SANDBOX.crm.dynamics.com", creds, null).get() // resource is the CRM org URL; no callback
result.getAccessToken
The token is in the format stuff.stuff.stuff.
I found the tenant id (a guid apparently) using this url: https://login.windows.net/ORG.onmicrosoft.com/.well-known/openid-configuration
Now I'm having trouble using that token with the OData endpoint.
Request:
curl --head -X GET https://SANDBOX.crm.dynamics.com/XRMServices/2011/OrganizationData.svc/AccountSet -H 'Authorization: Bearer ACCESSTOKEN' -H 'Accept: application/json' -H 'DataServiceVersion: 3.0'
Response:
HTTP/1.1 302 Found
Location: https://login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=https%3a%2f%2fdynamicscrmna.accesscontrol.windows.net%2f&wctx=pr%3dwsfederation%26rm%3dhttps%253a%252f%252fSANDBOX.crm.dynamics.com%252f%26ry%3dhttps%253a%252f%252fSANDBOX.crm.dynamics.com%252fXRMServices%252f2011%252fOrganizationData.svc%252fAccountSet&wct=2015-05-07T16%3a00%3a47Z&wreply=https%3a%2f%2fdynamicscrmna.accesscontrol.windows.net%2fv2%2fwsfederation&Popupui=1
WWW-Authenticate: Bearer error=invalid_token, error_description=Error during token validation!, redirect_uri=https%3a%2f%2flogin.windows.net%2fcommon%2fwsfed, realm=Microsoft.CRM
My token is apparently invalid, but what could this possibly mean? Can I be using the wrong tenant ID? Is OAuth access disabled or not configured for the OData endpoint? Is it a sandbox issue?
I don't have admin access on that instance and can't investigate much more than that.
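A diagnostic step that is worth doing before guessing at causes, added here as an example and not part of the question: decode the bearer token's claims (no signature verification, this only inspects what the token says about itself) and compare the audience, issuing tenant and expiry with the resource and tenant the call was made for. The token below is a constructed sample with a fake signature segment, and the tenant id is a placeholder.

```python
import base64
import json
import time
from typing import List, Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT (header.payload.signature).
    The signature is NOT checked: this is for inspecting claims, not trusting them."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def check_token_for_resource(token: str, resource: str, tenant_id: str,
                             now: Optional[float] = None) -> List[str]:
    """List mismatches between the token's claims and the resource/tenant the caller
    expects it to be valid for. An empty list means the obvious checks pass."""
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    # aud must name the resource the token was requested for (trailing slash is tolerated)
    if aud is None or aud.rstrip("/") != resource.rstrip("/"):
        problems.append(f"aud={aud!r} does not match resource {resource!r}")
    if claims.get("tid") != tenant_id:
        problems.append(f"tid={claims.get('tid')!r} does not match tenant {tenant_id!r}")
    exp = claims.get("exp")
    if exp is None or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def _make_sample(claims: dict) -> str:
    # Constructed sample: real header/payload encoding, fake (unverifiable) signature segment
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "fakesignature"])


PLACEHOLDER_TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real tenant
SAMPLE_TOKEN = _make_sample({"aud": "https://SANDBOX.crm.dynamics.com/", "tid": PLACEHOLDER_TENANT,
                             "exp": 4102444800, "appid": "CLIENT_ID"})
```

Run check_token_for_resource on the real token with the CRM org URL and the tenant id from the openid-configuration lookup; a non-empty list points at a wrong resource or tenant rather than at the endpoint's OAuth configuration.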