Hi,
I'm trying to figure out how to do Authentication of our company's current multi-tenant application (used to push data to multiple customers' Dynamics CRM accounts) with a customer that has an on-premise install of MS Dynamics. Our application works great (over 2 years now) with our customers that have online Dynamics CRM accounts.
The current method of Authentication for online CRM accounts uses the regular OAuth process:
https://docs.microsoft.com/en-us/previous-versions/azure/dn645542(v=azure.100)?redirectedfrom=MSDN
However, we now have customers with on-premise accounts. Attempting to Authenticate with an on-premise CRM account (using the same method we use for online CRM accounts), we get the following error (occurs when attempting to get the Auth and Refresh Tokens with the returned code once they've allowed access to our App):
Token Refresh Error [invalid_request] AADSTS90002: Tenant 'XXXXXXX-XXXX-4aac-XXXX-b9ba8cb78f24' not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator
Trace ID: 72f684e6-8296-4e8e-9fff-56eea7a86c00
Correlation ID: d40892a5-30fc-4d85-9f5a-14e19a241649
Timestamp: 2019-11-08 21:44:21Z [code=90002]
So my main questions are:
1) The current OAuth method hits the https://login.microsoftonline.com/common/oauth2/authorize endpoint -- does this need to change and need to point to the client's domain? If so, would it be the same across all on-premise installs?
2) Can the on-premise install still use our multi-tenant application as it's currently created? Or does a unique application need to be created on the on-premise Azure AD in order to work? Ideally they would be able to use our currently created multi-tenant application -- can that app somehow be allowed to be used by the on-premise install (whitelisted or whatever the terminology would be)?
3) Do I need to do Authentication differently for on-premise installs? The documentation appears to show that the WebAPI calls will all be the same and won't be a problem -- it's just that getting authentication working seems to be a problem.
Any help from anyone here would be greatly appreciated. Links to documents, experience from your own install, etc -- any of it would help.
Thanks... Michael