Client credentials grant
- Last Updated: December 22, 2020
The authentication flow for the client credentials grant exchanges client credentials for the access token at a token URI endpoint. Web-based login and consent are not required. The following credentials are required to connect using the client credentials grant.
Important: Once you obtain the credential information for your data source, you must store this information as a secret in AWS Secrets Manager. The secret allows you to connect using an OAuth 2.0 grant. When creating a connection, you must specify the name of the secret you created to store your data source credential information. See Storing your credentials in AWS Secrets Manager.
- Service URL: base URL of the Dynamics 365 instance to which you want to issue requests. For example, https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/.
- Client ID: client ID key for your application.
- Client secret: client secret for your application.
- Token URI: token URI or endpoint used to exchange authentication credentials for access tokens. The value of the TokenURI property must begin with the POST command followed by the token URI or the endpoint used to exchange authentication credentials for access tokens. For example:
TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token
- Scope: an OAuth scope or a space-separated list of OAuth scopes that limit the permissions granted by an access token (required for Microsoft Identity Platform (v2) provisioning). The following example shows the scope for a Dynamics CRM instance.
Scope=https://mywebinstance.api.crm.dynamics.com/.default
Note: The /.default scope is embedded in every application. It refers to a static list of permissions configured on the application registration. Refer to Microsoft Identity Platform documentation for further details.
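The following Python example is added here for illustration and is not code from the original page or the product. It validates the TokenURI and Scope values in the format shown above and builds the form-encoded token request that RFC 6749 section 4.4 defines for this grant. The property names ClientID and ClientSecret, the helper names, and all sample values are assumptions constructed for the example.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample values; ClientID/ClientSecret key names are assumed.
SAMPLE = {
    "TokenURI": "POST https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "Scope": "https://mywebinstance.api.crm.dynamics.com/.default",
    "ClientID": "00000000-0000-0000-0000-000000000000",
    "ClientSecret": "constructed-secret",
}

def parse_token_uri(value):
    """Split a TokenURI property ('POST <url>') into (method, url)."""
    method, _, url = value.strip().partition(" ")
    url = url.strip()
    if method != "POST" or not url:
        raise ValueError("TokenURI must begin with POST followed by the token URI")
    parts = urlsplit(url)
    # The client secret travels in this request, so refuse cleartext HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("token URI must be an absolute https URL")
    return method, url

def build_token_request(props):
    """Return (method, url, headers, body) for the client credentials grant."""
    method, url = parse_token_uri(props["TokenURI"])
    scopes = props["Scope"].split()  # space-separated list of scopes
    if not scopes:
        raise ValueError("Scope must list at least one OAuth scope")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": props["ClientID"],
        "client_secret": props["ClientSecret"],
        "scope": " ".join(scopes),
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return method, url, headers, body

def redact(body):
    """Mask the client secret before a request body is written to a log."""
    return "&".join("client_secret=***" if p.startswith("client_secret=") else p
                    for p in body.split("&"))

if __name__ == "__main__":
    method, url, headers, body = build_token_request(SAMPLE)
    print(method, url)
    print(redact(body))
```

No network call is made; the returned tuple can be handed to any HTTP client, and only the redacted form of the body should reach logs.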