High-level OAuth 2.0 helper module for Microsoft Dynamics 365 Business Central (v26+) focused on Microsoft Entra ID integration. It provides structured abstractions for the Authorization Code Grant and Client Credentials flows using either a client secret or an X.509 certificate (JWT client assertion). Tokens (access & refresh) are stored only in memory (SecretText) for the lifetime of the Rest Client instance.
- Authorization Code Grant Flow (PKCE + state) with secret or certificate
- Client Credentials Flow with secret or certificate
- Automatic offline_access scope injection to enable refresh tokens
- In-memory ephemeral token & refresh handling (no persistence)
- Pluggable authority design (optimized for Microsoft Entra ID)
- Built-in vs. custom redirect URI (advanced SSO-friendly control add-in)
- Authorization Code Grant (interactive, PKCE, refresh token support)
- Client Credentials (service-to-service, no refresh token, auto re-acquire)
- Create an OAuth Client Application (set client id, secret or certificate, redirect URI type, scopes).
- Create a Microsoft Entra ID authority and set the Tenant ID.
- Instantiate the desired flow (Authorization Code or Client Credentials) and assign the authority.
- Initialize
Http Authentication OAuth2with the client app + flow. - Initialize
Rest Clientwith a handler plus the authentication interface.
See docs/GettingStarted.md for detailed steps and docs/Examples.md for snippets.