Creating a Custom OAuth App
When to Create a Custom OAuth AppCreating a custom OAuth app is required in the web flow. Creating a custom OAuth app is optional for desktop and headless applications; the component is already registered with Dynamics 365 Business Central and you can connect with its embedded credentials.
You might want to create a custom OAuth app to change the information displayed when users log into the Dynamics 365 Business Central OAuth endpoint to grant permissions to the component.
Follow the steps below to create a custom OAuth app and obtain the connection properties in a specific OAuth authentication flow.
Steps to Create a Custom OAuth App
Follow the steps below to obtain the OAuth values for your app, the OAuthClientId and OAuthClientSecret.
- Log in to https://portal.azure.com.
- In the left-hand navigation pane, select Azure Active Directory then App Registrations and click the Add button.
- Enter an app name and set the radio button for "Any Azure AD Directory - Multi Tenant". Then set the redirect url to something such as http://localhost:33333, the component's default. Or, set a different port of your choice and set CallbackURL to the exact reply URL you defined.
- After creating the app, go to the Certificates & Secrets section, create a Client Secret for the app and select a duration.
- After you save the key, a value for the key is displayed once. Set OAuthClientSecret to the key value. Set OAuthClientId to the Application Id.
- Select API Permissions and then click Add. If you plan for your app to connect without a user context, select the Application Permissions (OAuthGrantType = CLIENT). Otherwise, when selecting permissions, use the Delegated permissions.
- Select Required Permissions and then click Add. Under Select an API, select the Dynamics 365 Business Central -> Delegated Permissions.
- Save your changes.
- If you have selected to use permissions that require admin consent (such as the Application Permissions), you may grant them from the current tenant on the API Permissions page. Otherwise, follow the steps under Admin Consent.