Anywhere Mobility Studio Documentation

Anywhere Portal Authorization Flows

Brief

There are two main authorization flows that can be used with the cloud version of Business Central.

  • Client Credentials Flow, represented by the AzApp option.
  • Authorization Code Flow, represented by the AzUser and AzDelegate options.

These flows are part of OAuth.

Client Credentials Flow

In the client credentials flow, the portal performs the following steps to contact Business Central (BC) in an authenticated manner.

#   Actor      Step
1   User       Accesses the portal.
2   Portal     Checks if a valid token exists in the session. If it exists, steps 3 to 5 are skipped.
3   Portal     If no valid token exists or the existing token is expired, the portal sends a request to the Authority for a new access token using the client id and client secret.
4   Authority  Sends back an access token.
5   Portal     Stores the retrieved access token in the session.
6   Portal     Uses the stored access token to send authenticated requests to Business Central.
7   User       Uses the portal which is now connected successfully to Business Central.

Client Credentials Flow (AzApp mode) is the preferred mode as this does not require user interaction.
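
The token check and refresh in steps 2 to 5, as an added example that is not the portal's own code. The Microsoft Entra token endpoint, the Business Central scope, the `bc_token` session key and the 60-second expiry margin are assumptions, and the Authority is replaced by a constructed stand-in so the block runs offline.

```python
import time
import urllib.parse

# Assumed values: the page names only "the Authority", a client id and a client secret.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
BC_SCOPE = "https://api.businesscentral.dynamics.com/.default"
EXPIRY_SKEW = 60  # seconds; refresh early so a token never expires mid-request


def build_token_request(tenant, client_id, client_secret):
    """Step 3: URL and form body of the client-credentials token request."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # server side only, never sent to the browser
        "scope": BC_SCOPE,
    })
    return TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe="")), body


def get_access_token(session, authority, now=None):
    """Steps 2 to 5. `authority` is a callable returning the Authority's JSON reply."""
    now = time.time() if now is None else now
    tok = session.get("bc_token")
    if tok and now < tok["expires_at"] - EXPIRY_SKEW:
        return tok["access_token"]  # step 2: still valid, steps 3 to 5 skipped
    reply = authority()  # steps 3 and 4
    if "access_token" not in reply:
        session.pop("bc_token", None)  # do not keep an expired token after a failed refresh
        raise PermissionError(reply.get("error", "token request failed"))
    expires_at = now + int(reply.get("expires_in", 0))
    session["bc_token"] = {"access_token": reply["access_token"], "expires_at": expires_at}  # step 5
    return reply["access_token"]


def make_fake_authority():
    """Constructed stand-in for the Authority; counts how often it is asked."""
    calls = {"n": 0}

    def authority():
        calls["n"] += 1
        return {"token_type": "Bearer", "expires_in": 3600, "access_token": "tok-%d" % calls["n"]}

    return authority, calls
```

In step 6 the returned value is sent to Business Central in an `Authorization: Bearer <token>` header.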

Authorization Code Flow

In the authorization code flow, the portal performs the following steps to contact Business Central (BC) in an authenticated manner.

#   Actor      Step
1   User       Accesses the portal.
2   Portal     Checks if a valid token exists in the session. If it exists, steps 3 to 8 are skipped.
3   Portal     If no valid token exists or the existing token is expired, the user is redirected to the Authority URI, asking for an authorization code.
4   User       Logs in to their Microsoft Account if not already logged in.
5   User       Authorizes the app if not already authorized.
6   Authority  Redirects the user back to the URL defined as the RedirectURI, with an authorization code.
7   Portal     Sends a server side request to the Authority to get an access (Bearer) token using the received authorization code.
8   Portal     Stores the retrieved access token in the session.
9   Portal     Uses the stored access token to send authenticated requests to Business Central.
10  User       Uses the portal which is now connected successfully to Business Central.