Using MSAL to connect to Microsoft’s Common Data Service

Emily Cheyne
Nov 2, 2020

Recently, I needed to connect a Microsoft Office Add-in to MSAL to query our organization’s MS Graph and Common Data Service (CDS) resources. I found an abundance of resources to help me do a basic setup of my application’s authentication and connect to MS Graph from Microsoft, on npm, and from other bloggers. However, I found no documentation on how to connect to the CDS and only found the solution after a series of guess-and-check attempts. To save you the hassle, I documented my process.

Prerequisites

You must have an Angular SPA with @azure/msal-angular installed, including an application registered within your Azure Portal. You must also have a CDS database configured in an environment that the users of your application will have permission to access.

Add the Required Permissions to your App Registration

Within your Azure Portal -> App Registrations -> your app -> API Permissions -> click “Add a permission” and select “Dynamics CRM”. The CDS is the Dynamics CRM exposed to Microsoft’s Power Platform.

Select and add the user_impersonation permission.

Then, grant admin consent for the newly added permission for your organization.

Get the URL of your CDS

Go to make.powerapps.com and make sure you are in the correct environment. Select Settings -> Advanced Settings. This will take you to the Dynamics 365 management portal.

Within the Dynamics 365 portal select Settings -> Customizations. From the Customizations page click the Developer Resources link.

On the Developer Resources page copy your Service Root URL. We will use a portion of this URL for authentication. To perform OData queries on your CDS you will need to use the entire URL. For the purpose of this tutorial let’s assume the URL is https://test-org.crm3.dynamics.com/api/data/v9.1

Add CDS Access to your SPA MSAL Authentication Scopes

Within your MSAL scope list, you must add the user_impersonation scope. This permission is issued by your Dynamics 365 environment, so it must be prefixed with your environment URL: the scheme and host of the Service Root URL, without the /api/data/v9.1 path.

export const authScopeConfig = {
    appId: environment.clientId,
    scopes: [
        'https://test-org.crm3.dynamics.com/user_impersonation',
        // Any additional scopes required by your app go here
    ]
};

If you are using MSAL’s protected resource map to configure which tokens are included on your various requests, you will have to add your scope there as well.

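export const protectedResourceMap: [string, string[]][] = [
    [
        // Requests to this endpoint carry a token for the scopes listed below
        'https://test-org.crm3.dynamics.com/api/data/v9.1',
        [
            // Same scope as in authScopeConfig: environment URL, not the full Service Root URL
            'https://test-org.crm3.dynamics.com/user_impersonation'
        ]
    ],
];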
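
The scope and the protected resource map entry both come from the same Service Root URL, so they can be derived from it rather than typed twice. The helper below is an added example, not code from the original post or from MSAL: it builds both values and rejects a URL that is not HTTPS or not under dynamics.com, so the CDS token is only requested for, and attached to, your own environment. The names buildCdsAuthConfig and ALLOWED_HOST_SUFFIX and the dynamics.com suffix check are assumptions.

```typescript
// Added example; buildCdsAuthConfig and ALLOWED_HOST_SUFFIX are hypothetical
// names, not part of MSAL or of the original post.

// Assumption: your environment is hosted under dynamics.com, like the
// tutorial's sample host test-org.crm3.dynamics.com.
const ALLOWED_HOST_SUFFIX = '.dynamics.com';

interface CdsAuthConfig {
  scopes: string[];
  protectedResourceMap: [string, string[]][];
}

function buildCdsAuthConfig(serviceRootUrl: string): CdsAuthConfig {
  const url = new URL(serviceRootUrl); // throws on malformed input

  if (url.protocol !== 'https:') {
    throw new Error('Service Root URL must use https');
  }
  if (url.username !== '' || url.password !== '') {
    throw new Error('Service Root URL must not embed credentials');
  }
  // Suffix match on the parsed hostname rejects lookalikes such as
  // test-org.crm3.dynamics.com.example.net (constructed sample).
  if (!url.hostname.endsWith(ALLOWED_HOST_SUFFIX)) {
    throw new Error(`Unexpected CDS host: ${url.hostname}`);
  }
  if (!url.pathname.startsWith('/api/data/')) {
    throw new Error('Expected the Web API path /api/data/<version>');
  }

  // The scope uses only scheme + host: the portion of the URL used for auth.
  const scope = `${url.origin}/user_impersonation`;
  // The resource key is the whole Service Root URL, minus any trailing slash.
  const resource = url.origin + url.pathname.replace(/\/+$/, '');

  return {
    scopes: [scope],
    protectedResourceMap: [[resource, [scope]]],
  };
}

// Constructed sample input: the tutorial's assumed Service Root URL.
const cdsAuth = buildCdsAuthConfig(
  'https://test-org.crm3.dynamics.com/api/data/v9.1'
);
console.log(cdsAuth.scopes, cdsAuth.protectedResourceMap);
```
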

Start your App

You should now be able to start your application, log in and then be prompted to authorize your application to access your CDS on your behalf.

Do you need custom development done for your MS 365 services? Check out the work we do at Big Bear Software.

Emily is a Software Development Manager at Big Bear Software and specializes in delivering large scale, custom, web and MS 365 solutions.