Connecting to Dynamics 365 via OAuth using a Custom Azure App and the Authorization Code Flow
Please note that from Version 6.0.3341 the Dynamics connector supports PKCE.
You can create your own custom Azure Application to allow Data Sync to connect to your Dynamics 365 site using OAuth. The following documentation will explain the process you need to follow to create your own Azure app and use the authorization_code flow with a user identity. If you want to use the client_credentials flow, please see our documentation here.
Create the Application
Log in to your Azure Portal and navigate to Azure AD > App Registrations > New Registration to create your application.
Enter a name for your application and select the account type you want to use. We want to keep this app private and only need access for those within our organization, so we have selected Accounts in this organizational directory only.
Enter http://localhost as the redirect URI and then click Register to create the app.
You'll now be given an overview of your app credentials (Client ID and Tenant ID). Make a note of these as you will need them to connect in Data Sync.
Something to consider: if you make this a public app, you will not need to generate and enter a client secret. If you choose this option, skip the Add a Client Secret step and leave the client secret field blank in Data Sync.
Set Permissions
We now need to set the permissions for the app. To do this go to API permissions > Add a permission > Dynamics CRM > Delegated permissions and then select user_impersonation. This allows you to read and write to your Dynamics entities. Click Add Permission to add it to the list.
Add a Client Secret
Now you need to create a client secret. To do this go to Certificates & Secrets and click onto New client secret. Type in a description and set an expiry for the secret. Once you are done click Add.
You now need to copy the client secret value to use in Data Sync later on. Please make a note of this value as you will not be able to view it again. If you lose it you will need to create a new client secret.
Get the Endpoint URLs
You need to gather the endpoint URLs so that you can connect in Data Sync. To do this click onto Overview > EndPoints and then copy the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2).
Now open Data Sync to connect.
Connect in Data Sync
To connect to Dynamics start by opening the connection window, expanding the Microsoft Dynamics folder, and then select the Microsoft Dynamics 365 connection option.
You will need to enter the URL to your Dynamics site into the URL field and Data Sync will automatically format this to the Organisation Service SOAP\WCF service endpoint.
So you can just copy and paste the URL from your site into the field, e.g. https://<domain>.crm4.dynamics.com.
Make sure that the Authentication Method is set to Custom OAuth Application and enter in your ClientID, ClientSecret, AuthorisationURL and TokenURL.
You will also need to ensure that GrantType is set to authorization_code and the RedirectURL is http://localhost.
Then click the Authorise Connection button to authorise the connection to Dynamics.
Because this uses the select_account prompt, it will use your browser cookies to sign in to your Microsoft Account. If you are not currently signed in, a window stating Waiting for OAuth Authorization Code will open along with your default browser. In your browser window, sign in to Microsoft to authorise the request.
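The requests behind an authorization_code flow with PKCE, sketched as an added example that is not Data Sync's own code: it builds the authorization URL, checks the callback on http://localhost, and prepares the token request with or without a client secret. The tenant ID, client ID and organisation URL are constructed placeholders, and the scope format and function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders, not values from the page.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ORG_URL = "https://contoso.crm4.dynamics.com"
REDIRECT_URI = "http://localhost"
AUTHORIZE_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"

def new_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(challenge, state):
    """Authorization request that the browser is sent to."""
    params = {
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": f"{ORG_URL}/user_impersonation",  # assumed scope format
        "prompt": "select_account", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"

def extract_code(callback_url, expected_state):
    """Return the authorization code only if the callback echoes our state."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    got = query.get("state", [""])[0]
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    return query["code"][0]

def build_token_request(code, verifier, client_secret=None):
    """Form body for the token endpoint; a public app sends no client_secret."""
    body = {"grant_type": "authorization_code", "client_id": CLIENT_ID, "code": code,
            "redirect_uri": REDIRECT_URI, "code_verifier": verifier}
    if client_secret:
        body["client_secret"] = client_secret
    return body
```

Because the redirect URI is plain http://localhost, the state check and the code_verifier are what tie the returned code to the request that started it.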
You can now go back to Data Sync and select the entity you want to connect to from the dropdown list. To finish click on to Connect & Create Library Connection to save the connection to your local connection library.
Please note that you only need to save the connection to your site once; you will be able to access all of your entities within that site from the connection library. You can re-use the connection to your Dynamics site from the Connection Tree whenever you are creating projects or adding lookups. You can also preview the data before selecting it as your source or target.