cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
davidyc
Helper III
Helper III

React Web App & Dataverse Web API

Hi All, I'm looking to build a React Web App which can use the dataverse web api under an Application User profile. My research tells me that in order to achieve this an App Registration is required which then automatically creates an Application User record on the Users table in Dataverse. What I'm struggling to find online is an example of the code that would be needed to authenticate the app with Dataverse without having a popup where a user has to use login credentials (and 2 factor auth). I'm using another service for end user authentication of the web app. 

 

Any guidance or advice on this would be appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
cchannon
Multi Super User
Multi Super User

OK, so it won't actually be that easy, because you're talking about an authentication pattern that isn't really best practice. It's not impossible, but it isn't as easy as maybe it ought to be.

So, the library you're looking for to get AD tokens from your react SPA is microsoft-authentication-library-for-js 

 

This library gives you an easy API for creating what's known as a PublicClientApplication that will acquire a user token silently or prompt a user to sign in to AD if there is no already available token. However, from your description, that's not quite what you're looking for: you are talking about what's known as a ConfidentialClient: a different type of auth connection to AD that is intended for Apps to acquire a token based on Id/Secret or Id/Secret/User Creds. Here's a more detailed explanation of the difference: Public and confidential client apps (MSAL) - Microsoft identity platform | Microsoft Docs

If you can authenticate with user credentials (i.e. the users in your app have a corresponding user in DataVerse) then I suggest you use the PublicClient. Just go to that link I posted above and the Readmes there have plenty of documentation and examples to follow. This is the straightforward and secure answer, and it is also clearly in keeping with MSFT licensing expectations.

But, if you MUST authenticate as an App User, then it gets a bit more complex. MSAL.js is intended for attended authentication scenarios, so it is totally built around publicclient objects. You'll have to switch to MSAL.net to get support for ConfidentialClients, so what you're probably going to wind up doing is to create an Azure Function that acts as an API you can call from your React App. There are other ways to get ConfidentialClient if you don't like .net, but all of them are intended to be server-side, so you will pretty much have to push this kind of auth to some kind of code execution that is NOT in the user's browser.

View solution in original post

7 REPLIES 7

you can create an app registration and you can use clientid/clientsecret authentication instead of oauth

you can follow the initial steps of this post to create the app registration, the app user and assign the security roles

https://benediktbergmann.eu/2022/01/04/setup-a-service-principal-in-power-automate/

 

cchannon
Multi Super User
Multi Super User

OK, so it won't actually be that easy, because you're talking about an authentication pattern that isn't really best practice. It's not impossible, but it isn't as easy as maybe it ought to be.

So, the library you're looking for to get AD tokens from your react SPA is microsoft-authentication-library-for-js 

 

This library gives you an easy API for creating what's known as a PublicClientApplication that will acquire a user token silently or prompt a user to sign in to AD if there is no already available token. However, from your description, that's not quite what you're looking for: you are talking about what's known as a ConfidentialClient: a different type of auth connection to AD that is intended for Apps to acquire a token based on Id/Secret or Id/Secret/User Creds. Here's a more detailed explanation of the difference: Public and confidential client apps (MSAL) - Microsoft identity platform | Microsoft Docs

If you can authenticate with user credentials (i.e. the users in your app have a corresponding user in DataVerse) then I suggest you use the PublicClient. Just go to that link I posted above and the Readmes there have plenty of documentation and examples to follow. This is the straightforward and secure answer, and it is also clearly in keeping with MSFT licensing expectations.

But, if you MUST authenticate as an App User, then it gets a bit more complex. MSAL.js is intended for attended authentication scenarios, so it is totally built around publicclient objects. You'll have to switch to MSAL.net to get support for ConfidentialClients, so what you're probably going to wind up doing is to create an Azure Function that acts as an API you can call from your React App. There are other ways to get ConfidentialClient if you don't like .net, but all of them are intended to be server-side, so you will pretty much have to push this kind of auth to some kind of code execution that is NOT in the user's browser.

@cchannon has got it pretty much covered, 
If your app runs on the server, you can pretty much just get a token from Azure Active Directory using the token authentication endpoint and use that token in the header for your other requests.

If your app runs in the client browser, you are going to have to implement some sort of middleware server side in order to get the token from Azure AD and pass that to your client app so you can use it in your web request. Or even better, just implement every API call in your serverside middleware and only pass the results to your web app.


Yeah, the only exception to this would be if you were to use a more traditionally server side language in the browser (i.e. a Blazor app) because then you could use the msal library that allows for confidential client.

Hi @davidyc ,

any luck on the sample app ? 

davidyc
Helper III
Helper III

Yes, my React app sends API calls to Firebase cloud functions which then use the client id/secret to make API requests to Dataverse and return the data to the web app. This is what @joeristroy was describing.

@davidyc Can you share the git link of sample application of react. 

Helpful resources

Announcements

Community will be READ ONLY July 16th, 5p PDT -July 22nd

Dear Community Members,   We'd like to let you know of an upcoming change to the community platform: starting July 16th, the platform will transition to a READ ONLY mode until July 22nd.   During this period, members will not be able to Kudo, Comment, or Reply to any posts.   On July 22nd, please be on the lookout for a message sent to the email address registered on your community profile. This email is crucial as it will contain your unique code and link to register for the new platform encompassing all of the communities.   What to Expect in the New Community: A more unified experience where all products, including Power Apps, Power Automate, Copilot Studio, and Power Pages, will be accessible from one community.Community Blogs that you can syndicate and link to for automatic updates. We appreciate your understanding and cooperation during this transition. Stay tuned for the exciting new features and a seamless community experience ahead!

Summer of Solutions | Week 4 Results | Winners will be posted on July 24th

We are excited to announce the Summer of Solutions Challenge!   This challenge is kicking off on Monday, June 17th and will run for (4) weeks.  The challenge is open to all Power Platform (Power Apps, Power Automate, Copilot Studio & Power Pages) community members. We invite you to participate in a quest to provide solutions in the Forums to as many questions as you can. Answers can be provided in all the communities.    Entry Period: This Challenge will consist of four weekly Entry Periods as follows (each an “Entry Period”)   - 12:00 a.m. PT on June 17, 2024 – 11:59 p.m. PT on June 23, 2024 - 12:00 a.m. PT on June 24, 2024 – 11:59 p.m. PT on June 30, 2024 - 12:00 a.m. PT on July 1, 2024 – 11:59 p.m. PT on July 7, 2024 - 12:00 a.m. PT on July 8, 2024 – 11:59 p.m. PT on July 14, 2024   Entries will be eligible for the Entry Period in which they are received and will not carryover to subsequent weekly entry periods.  You must enter into each weekly Entry Period separately.   How to Enter: We invite you to participate in a quest to provide "Accepted Solutions" to as many questions as you can. Answers can be provided in all the communities. Users must provide a solution which can be an “Accepted Solution” in the Forums in all of the communities and there are no limits to the number of “Accepted Solutions” that a member can provide for entries in this challenge, but each entry must be substantially unique and different.    Winner Selection and Prizes: At the end of each week, we will list the top ten (10) Community users which will consist of: 5 Community Members & 5 Super Users and they will advance to the final drawing. We will post each week in the News & Announcements the top 10 Solution providers.  At the end of the challenge, we will add all of the top 10 weekly names and enter them into a random drawing.  Then we will randomly select ten (10) winners (5 Community Members & 5 Super Users) from among all eligible entrants received across all weekly Entry Periods to receive the prize listed below. If a winner declines, we will draw again at random for the next winner.  A user will only be able to win once overall. If they are drawn multiple times, another user will be drawn at random.  Individuals will be contacted before the announcement with the opportunity to claim or deny the prize.  Once all of the winners have been notified, we will post in the News & Announcements of each community with the list of winners.   Each winner will receive one (1) Pass to the Power Platform Conference in Las Vegas, Sep. 18-20, 2024 ($1800 value). NOTE: Prize is for conference attendance only and any other costs such as airfare, lodging, transportation, and food are the sole responsibility of the winner. Tickets are not transferable to any other party or to next year’s event.   ** PLEASE SEE THE ATTACHED RULES for this CHALLENGE**   Week 1 Results: Congratulations to the Week 1 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Community MembersNumber of SolutionsSuper UsersNumber of Solutions @anandm08  23 @WarrenBelz  31 @DBO_DV  10 @Amik  19 AmínAA 6 @mmbr1606  12 @rzuber  4 @happyume  7 @Giraldoj  3@ANB 6 (tie)   @SpongYe  6 (tie)     Week 2 Results: Congratulations to the Week 2 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Community MembersSolutionsSuper UsersSolutions @anandm08  10@WarrenBelz 25 @DBO_DV  6@mmbr1606 14 @AmínAA 4 @Amik  12 @royg  3 @ANB  10 @AllanDeCastro  2 @SunilPashikanti  5 @Michaelfp  2 @FLMike  5 @eduardo_izzo  2   Meekou 2   @rzuber  2   @Velegandla  2     @PowerPlatform-P  2   @Micaiah  2     Week 3 Results: Congratulations to the Week 3 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge.   Week 3:Community MembersSolutionsSuper UsersSolutionsPower Apps anandm0861WarrenBelz86DBO_DV25Amik66Michaelfp13mmbr160647Giraldoj13FLMike31AmínAA13SpongYe27     Week 4 Results: Congratulations to the Week 4 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge.   Week 4:Community MembersSolutionsSuper UsersSolutionsPower Apps DBO-DV21WarranBelz26Giraldoj7mmbr160618Muzammmil_0695067Amik14samfawzi_acml6FLMike12tzuber6ANB8   SunilPashikanti8

Check Out | 2024 Release Wave 2 Plans for Microsoft Dynamics 365 and Microsoft Power Platform

On July 16, 2024, we published the 2024 release wave 2 plans for Microsoft Dynamics 365 and Microsoft Power Platform. These plans are a compilation of the new capabilities planned to be released between October 2024 to March 2025. This release introduces a wealth of new features designed to enhance customer understanding and improve overall user experience, showcasing our dedication to driving digital transformation for our customers and partners.    The upcoming wave is centered around utilizing advanced AI and Microsoft Copilot technologies to enhance user productivity and streamline operations across diverse business applications. These enhancements include intelligent automation, AI-powered insights, and immersive user experiences that are designed to break down barriers between data, insights, and individuals. Watch a summary of the release highlights.    Discover the latest features that empower organizations to operate more efficiently and adaptively. From AI-driven sales insights and customer service enhancements to predictive analytics in supply chain management and autonomous financial processes, the new capabilities enable businesses to proactively address challenges and capitalize on opportunities.    

Updates to Transitions in the Power Platform Communities

We're embarking on a journey to enhance your experience by transitioning to a new community platform. Our team has been diligently working to create a fresh community site, leveraging the very Dynamics 365 and Power Platform tools our community advocates for.  We started this journey with transitioning Copilot Studio forums and blogs in June. The move marks the beginning of a new chapter, and we're eager for you to be a part of it. The rest of the Power Platform product sites will be moving over this summer.   Stay tuned for more updates as we get closer to the launch. We can't wait to welcome you to our new community space, designed with you in mind. Let's connect, learn, and grow together.   Here's to new beginnings and endless possibilities!   If you have any questions, observations or concerns throughout this process please go to https://aka.ms/PPCommSupport.   To stay up to date on the latest details of this migration and other important Community updates subscribe to our News and Announcements forums: Copilot Studio, Power Apps, Power Automate, Power Pages

Users online (912)