Hey!
So I have been running a few applications that authenticate using the method described here: https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/authenticate-oauth#connect-as-an-app in order to use the Dynamics REST API. The only difference is that I don't use C#. I just get the token from login.microsoftonline.com and pass it with my request. Everything worked fine until yesterday (Monday 2/12-2019).
We started seeing bugs in production where we were unable to access the API due to a 403. However, the request would work at random every 10th time or so. I tried using the same token and generating a new one for each request; it didn't make a difference. The problem persists, still about every 10th request works.
What we also noted is that sending the request through Postman worked. The only difference was that the Postman request included 4 cookies (origin unknown). Clever as I am, I tried deleting these cookies and reproduced the error in Postman, but I didn't back the cookies up.
Now to me this seems weird. The docs never mention using cookies to authenticate. I do not understand how these cookies were even created in the first place either. And even more so the inconsistencies in that every 10th request works.
The response is a 403 with the following message.
{"error":{"code":"0x80072560","message":"The user is not a member of the organization."}}
Does anyone have the slightest idea what is happening?