Dynamics 365 API using AAD v2

Question

I am trying to access the Dynamics 365 Online API via a SPA. But I want to use the v2 authorization endpoint. I register my app in AAD and assign permissions for Dynamics CRM (I'm using the preview registration blade which allows me to specify Dynamics). It does not say that Admin consent is required for Dynamics but when I specify the scope in my SPA, I get an error at the consent screen indicating that I need admin consent.

I have successfully used the v1 authorization endpoint in the past so I suspect it is an issue with how I am specifying the scope when I retrieve my access token.

Is there something special needed for this API? Is it not fully implemented yet?

In my scope parameter when I request my access_token, I have tried:

<service guid>/<scope guid>
<service guid>/user_impersonation
https://<tenant>.crm.dynamics.com/user_impersonation
https://crm.dynamics.com/user_impersonation
https://dynamics.com/user_impersonation

The last four indicate admin consent is required. I've tried a few other formats but they error out indicating the format is incorrect or the resource doesn't exist - which I get. But I am confused about the admin consent pieces.

Any guidance appreciated!

Answer 1

You need to use a scope of:

https://{organization}.crm.dynamics.com//user_impersonation.

Note the double slash.