We have a crm online instance and have some task scheduler jobs that connects using the crm using the tooling connection string.
We are changing the application users from an online user (username#orgname.onmicrosoft.com) to an AD user (username#domain.com) but we are receiving error messages when we try the new user in the connection string.
I tried changing the AuthType attribute of the connection string but keep getting errors.
The current connection string is:
Url=https://orgname.crm4.dynamics.com;
Username= username#orgname.onmicrosoft.com;
Password=pass;
ClientId=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX;
AuthType=OAuth;
RedirectUri=http://localhost:55162/;
After changing the connection string to:
Url=https://orgname.crm4.dynamics.com;
Username= username#domain.com;
Password=pass;
ClientId=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX;
AuthType=OAuth;
RedirectUri=http://localhost:55162/;
The OrganizationWebProxyClient attribute is null and in the LastCrmError we are getting
ERROR REQUESTING Token FROM THE Authentication context - General ADAL Error
parsing_ws_metadata_exchange_failed: Parsing WS metadata exchange failed => The ';' character, hexadecimal value 0x3B, cannot be included in a name. Line 14, position 223.Unable to connect to CRM: The ';' character, hexadecimal value 0x3B, cannot be included in a name. Line 14, position 223.
Unable to Login to Dynamics CRMOrganizationWebProxyClient is null
When I change the AuthType to Office365 I'm getting the error:
Unable to connect to CRM: CData elements not valid at top level of an XML document. Line 1, position 3.
Metadata contains a reference that cannot be resolved: 'https://adfs.domain.com/adfs/services/trust/mex'. => CData elements not valid at top level of an XML document. Line 1, position 3.Unable to Login to Dynamics CRM
Unable to Login to Dynamics CRMOrganizationWebProxyClient is null
And when I change the AuthType to AD I'm getting the error:
Unable to login to Dynamics CRM, Error was :
Data[0] = "The provided uri did not return any Service Endpoints!
{0}"
Data[1] = ""
Data[0] = "The provided uri did not return any Service Endpoints!
{0}"
Data[1] = ""Unable to Login to Dynamics CRM
Unable to Login to Dynamics CRMOrganizationWebProxyClient is null
The new user name and password are correct since I'm able to login to the crm using the browser without any issue.
Related
Does this mean Zoho API documentations are wrong?
I'm following the "client based applications" as my app is a ReactJS based app. Unfortuantely im getting a fetch failed type of error when trying to request an authentication token using response_type = token.
Very frustrating indeed.
What is the proper way to get an auth token for ReactJs apps?
You can get it by chrome(or firefox)
Get format (make single line)
https://accounts.zoho.com/oauth/v2/auth?
client_id={your client id}&
response_type=token&
scope=AaaServer.profile.Read&
redirect_uri={your app redirect URI}
This is steps
Get client_id and redirect_uri from my Zoho Setting
https://api-console.zoho.com/
Make single line string with upper format
put that string and enter from Chrome
The client id and redirect URI should be match your App settings.
Click the Accept button with checked Grant access checkbox
Will get the access token at address editor in Chrome
Get new access token with this format
http://localhost:3000/#&
access_token={get-new-access-token}&
expires_in=3600&
location=us&
api_domain=https%3A%2F%2Fwww.zohoapis.com&
granted_for_session=true
You can make your React app for getting access token with this steps.
I am adding oauth into an application(Java based) and I'm running into the following error:
[invalid_id_token] An error occurred while attempting to decode the Jwt: The ID Token contains invalid claims
I have followed all the steps to setup Azure AD and java project using the offical documentation: https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory
I checked the validity of my token using Postman- it's working there.
I'm stuck since 2 days. Tried many things but nothing worked. Anyone please help
As your error : An error occurred while attempting to decode the Jwt: The ID Token contains invalid claims :- {aud ,it says invalid claim is aud i.e; audience value .
The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.
According to aud -Pay load claims in Microsoft identity platform ID tokens - Microsoft Entra | Microsoft Docs
Aud, Identifies the intended recipient of the token. In id_tokens, the
audience is your app's Application ID i.e.; clientId, assigned to your app in the
Azure portal. This value should be validated. The tokenis
rejected if it fails to match your app's Application ID.
Also please make sure that server running your spring boot app has the correct time.
I am in the process of building a chat bot that will integrate with Teams or Slack. To get started I am using the echo bot template, but I am adding it to an exiting API that I have in my Service Fabric Cluster.
When running the application locally, I can connect to it fine from the Bot Emulator, but when I deploy it to my Azure channel registration, and test it in the web chat I get:
There was an error sending this message to your bot: HTTP status code Unauthorized.
I am setting the AppID and Password and they are saved and being retrieved from KeyVault, and I throw an exception at startup if either of the values are blank (which is not the case).
I set it as follow:
services.AddBot<EchoBot>(options =>
{
options.CredentialProvider = new SimpleCredentialProvider(Configuration["MicrosoftAppId"], Configuration["MicrosoftAppPassword"]);
options.OnTurnError = async (context, exception) =>
{
ServiceEventSource.Current.Message(exception.Message);
await context.SendActivityAsync("Sorry, it looks like something went wrong.");
};
});
I have added a teams channel, where the error does not occur, but the message never reaches the server.
The service is reachable and the controller allows unauthorized credentials while this is in testing.
Solved my own issue.
It turns out that if you are using a self signed certificate, then this could occur, as per Microsofts documents found here -
If one or more error(s) are indicated in the chat window, click the error(s) for details. Common issues include:
The emulator settings specify an incorrect endpoint for the bot. Make sure you have included the proper port number in the URL and the proper path at the end of the URL (e.g., /api/messages).
The emulator settings specify a bot endpoint that begins with https. On localhost, the endpoint should begin with http.
In the emulator settings, the Microsoft App ID field and/or the Microsoft App Password do not contain valid values. Both fields should be populated and each field should contain the corresponding value that you verified in Step 2.
Security has not been enabled for the bot. Verify that the bot configuration settings specify values for both app ID and password.
Lessons Learnt
Read the doc's
When you get frustrated, calm down and read the doc's
I am currently implementing access to Google Contacts via OAuth 2.0 and a so called Service Account. The service account is generated for an ordinary user like "My.Name#gmail.com".
The code to generate the OAuth 2.0 credentials is:
public static GoogleCredential getCredentials() throws GeneralSecurityException, IOException {
GoogleCredential credential = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SingleUserCredentials.SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes("https://www.google.com/m8/feeds")
.setServiceAccountPrivateKeyFromP12File(new File(SingleUserCredentials.SERVICE_ACCOUNT_PKCS12_FILE_PATH))
.build();
credential.refreshToken();
return credential;
}
I am then trying to retrieve the contacts via:
ContactsService myService = new ContactsService(
"myApp");
myService.setOAuth2Credentials(getCredentials());
URL feedUrl = new URL("https://www.google.com/m8/feeds/contacts/default/full");
Query myQuery = new Query(feedUrl);
ContactFeed resultFeed = myService.query(myQuery, ContactFeed.class);
// Print the results
for (ContactEntry entry : resultFeed.getEntries()) {
System.out.println(entry.getName().getFullName().getValue());
System.out.println("Updated on: " + entry.getUpdated().toStringRfc822());
}
The problem is that I do not get any a single contact from my account. The feed is always empty. There is no error. Nothing.
When accessing a Google Apps managed domain via the same approach it works nicely.
I am wondering if the Contacts Api supports OAuth 2.0 for ordinary (aka #gmail.com) accounts when using a p12 key file and a service account.
I ran into that same problem myself.
I tried both the email address that I received when I setup the key and the email address of a domain administrator.
When I use the email from the key setup, I don't receive anything at all -- no warnings, no exceptions, and no data.
When I use the email address of a domain administrator, I receive an exception:
com.google.api.client.auth.oauth2.TokenResponseException: 400 OK
[java] {
[java] "error" : "invalid_grant"
[java] }
[java] Feb 5, 2013 5:16:48 PM com.google.appengine.repackaged.org.apache.http.impl.client.DefaultRequestDirector handleResponse
[java] WARNING: Authentication error: Unable to respond to any of these challenges: {}
[java] Feb 5, 2013 5:16:48 PM com.google.apphosting.utils.jetty.JettyLogger warn
[java] WARNING: /
[java] java.lang.NullPointerException: No authentication header information
...
So, I figured that the domain administrator's email address wasn't what I needed.
Next, I Googled around for a while before finding this page:
http://javadoc.google-api-java-client.googlecode.com/hg/1.13.2-beta/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.html
I saw in there getServiceAccountUser (). The description of the field was:
Returns the email address of the user the application is trying to impersonate in the service account flow or null for none or if not using the service account flow.
Sure enough, there's a corresponding setServiceAccountUser (String) which accepts the username (email address) of the user you're using the service account to impersonate.
I set that field to an appropriate value and I was able to proceed.
In retrospect, it all makes sense -- if I don't supply an account that I'm trying to work from, I can't pull down the contacts for that account.
It is currently not possible to access Contacts using a service account as it is not supported in the Google APIs Console at Google APIs Console.
See also: Service Accounts
Second, it would only work with a Google managed domain because the Admin of the domain must grant access to the service account via the process below:
Delegate domain-wide authority to your service account
The service account that you created now needs to be granted access to the Google Apps domain’s user data that you want to access. The following tasks have to be performed by an administrator of the Google Apps domain:
Go to your Google Apps domain’s control panel. The URL should look like: "www.google.com/a/cpanel/mydomain.com"
Go to Advanced tools... > Manage third party OAuth Client access.
In the Client name field enter the service account's Client ID.
In the One or More API Scopes field enter the list of scopes that your application should be granted access to.
Click the Authorize button.
I've run across this very same error today but have given up on using Service Accounts for now, which I assume is not currently supported in the Contacts API. And so I am using Contacts API v3 with OAuth 1.0 and am getting the expected results.
ContactsService contactsService = new ContactsService(APPLICATION_NAME);
contactsService.setUserCredentials(CLIENT_USERNAME, CLIENT_SECRET);
URL contactFeedURL = new URL("https://www.google.com/m8/feeds/contacts/default/full");
Query contactFeedQuery = new Query(contactFeedURL);
ContactFeed contactFeed = contactsService.getFeed(contactFeedQuery, ContactFeed.class);
I am trying to retrieve data from Microsoft Dynamics CRM database. In order to have LINQ functionality, I applied crmsvcutil to generate data context class. The following is the command line I used
crmsvcutil /connectionString:"Authentication Type=SPLA; Server= http://our-crm.com; User ID=user; Password=pass" /namespace:Stub.Xrm /dataContextPrefix:MyCorp /out:Xrm.cs
When running the command, I got
Unhandled Exception: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
Error. I was able to access http://our-crm.com by using user/pass to assess the CRM. I am suspecting that the URL of serer was the problem, but don't know exactly which one I should use.
The CRM version I used is 4.0
UPDATE On May 19, 2011:
I changed the connection string to
crmsvcutil /connectionString:"Authentication Type=AD; Server= http://our-crm.com/CRM; User ID=domain\user; Password=pass" /namespace:Stub.Xrm /dataContextPrefix:MyCorp /out:Xrm.cs
Now I am getting
Unhandled Exception: System.ApplicationException: 0x80040220
SecLib::CheckPrivilege failed. Returned hr = -2147220960, User: f26255aa-997a-e011-b1ff-0050569e0924, PrivilegeId: a33
11f47-2134-44ee-a258-6774018d4bc3
Does it mean I do not have enough privilege to retrieve WSDL information? But I was able to use browser to get http://our-crm.com/mscrmservices/2007/CrmServiceWsdl.aspx and I was able to add webreference to the WebService using same credential.
If you are accessing Dynamics CRM OnPremise with the credentials of the current user, you have to specify Integratedas authentication type.
Therefore your connection string should be
/connectionString:"Authentication Type=Integrated; Server= http://our-crm.com;
If you have to specify a specific user, you have to use AD
/connectionString:"Authentication Type=AD; Server= http://our-crm.com; User ID=user-domain\user-name; Password=user-password
See Connect to the Microsoft Dynamics CRM Server