Dynamics 365 Portal Authentication - Using OAuth2.0 Providers

The supported OAuth2.0  providers are:

• Microsoft Account
• Twitter
• Facebook
• Google
• LinkedIn
• Yahoo

They all involve registering the portal application with a third-party service to obtain a client ID and client secret pair. A redirect URL needs to be specified that allows the identity provider to send users back to the portal.

How to configure for Google

Google OAuth2 API Credentials Instructions

1. Open Google Developers Console
2. Create an API project or open an existing project
3. Go toAPIs & auth >APIs, and under Social APIs, selectGoogle+ API, and then selectEnable API
4. Go toAPIs & auth >Consent screen.
   • Specify anEmail address.
   • Specify a customProduct name.
   • SelectSave.
5. Go toAPIs & auth >Credentials and create a new client ID.
• Application Type:Web application
• Authorized JavaScript Origins: http://portal.myexample.com
• Authorized Redirect URIs: http://portal.myexample.com/signin-google
• Select Create Client ID.

How to configure for Facebook

1. Open Facebook Developers App Dashboard
2. Select Add a New App.
3. Select Website.
4. Select Skip and Create App ID.
   • Specify a Display Name.
   • Choose a Category.
   • Select Create App ID.
5. While on the dashboard for the new app, go to Settings >Basic (tab) and add the following details:
   • App Domains (optional): portal.myexample.com
   • Contact Email: <email address of your choice>
   • Select Add Platform, and then select Website.
   • Site URL: http://portal.myexample.com/ or http://portal.myexample.com/signin-facebook
6. Select Save Changes.
7. Go to Status & Review > Status tab.
8. Select Yes when prompted to make the app and all its features available to the general public. You must have filled in the valid data in Step 5 above to enable this setting.

How to configure for Microsoft

1. Open Microsoft account Developer Center
2. Select Create application and specify an Application name.
3. Select I accept to accept Terms and Conditions.
4. Go to Settings >API settings, and then set the redirect URL as http://portal.myexample.com/signin-microsoft

How to configure for Twitter

1. Open Twitter Application Management.
2. Select Create New App.
   • Specify a Name and Description for your app.
   • Set the Website URL as http://portal.myexample.com.
   • Set the Callback URL as http://portal.myexample.com or http://portal.myexample.com/signin-twitter.
3. Select Create your Twitter application.

How to configure for LinkedIn

1. Open LinkedIn Developer Network.
2. Select Add New Application.
   • Specify an Application Name, Description, and so on.
   • Set Website URL as http://portal.myexample.com.
   • Set OAuth User Agreement/Default Scope: r_basicprofie and r_emailaddress
   • Set OAuth 2.0 Redirect url: http://portal.myexample.com/signin-linkedin.
3. Select Add Application.

How to configure for Yahoo

1. Open Yahoo! Developer Network.
2. Select Create an App.
   • Specify an Application Name.
   • Application Type: Web Application.
   • Callback Domain: portal.myexample.com
3. Select Create App.

Following site settings need to be configured on the portal (replace [provider] with google,facebook,twitter,linkedin,Microsoft,yahoo depending on which one is getting used) :

Site Setting Name	Description
Authentication/Registration/ExternalLoginEnabled	Enables or disables external account sign-in and registration. Default: true
Authentication/OpenAuth/[provider]/ClientId	Required. The client ID value from the provider application. It may also be referred to as an App ID or Consumer Key. The following setting names are allowed for backwards compatibility: Authentication/OpenAuth/Twitter/ConsumerKey Authentication/OpenAuth/Facebook/AppId Authentication/OpenAuth/LinkedIn/ConsumerKey
Authentication/OpenAuth/[provider]/ClientSecret	Required. The client secret value from the provider application. It may also be referred to as an App Secret or Consumer Secret. The following setting names are allowed for backwards compatibility: Authentication/OpenAuth/Twitter/ConsumerSecret Authentication/OpenAuth/Facebook/AppSecret Authentication/OpenAuth/LinkedIn/ConsumerSecret
Authentication/OpenAuth/[provider]/AuthenticationType	The OWIN authentication middleware type. Example: yahoo. authenticationoptions.authenticationtype.
Authentication/OpenAuth/[provider]/Scope	A comma separated list of permissions to request. microsoftaccountauthenticationoptions.scope.
Authentication/OpenAuth/[provider]/Caption	The text that the user can display on a sign in user interface. microsoftaccountauthenticationoptions.caption.
Authentication/OpenAuth/[provider]/BackchannelTimeout	Timeout value in milliseconds for back channel communications. microsoftaccountauthenticationoptions.backchanneltimeout.
Authentication/OpenAuth/[provider]/CallbackPath	The request path within the application's base path where the user-agent will be returned. microsoftaccountauthenticationoptions.callbackpath.
Authentication/OpenAuth/[provider]/SignInAsAuthenticationType	The name of another authentication middleware which will be responsible for actually issuing auserClaimsIdentity. microsoftaccountauthenticationoptions.signinasauthenticationtype.
Authentication/OpenAuth/[provider]/AuthenticationMode	The OWIN authentication middleware mode. security.authenticationoptions.authenticationmode. Source of this article is https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/configure-oauth2-settings s