Anywhere Mobility Studio Documentation

Anywhere Portal authorization flows

Two main authorization flows work with the cloud version of Business Central:

These flows are part of OAuth.

In Client Credentials Flow, the portal contacts Business Central in an authenticated manner through these steps:

#	Actor	Step
1	User	Accesses the portal.
2	Portal	Checks if a valid token exists in the session. If it does, steps 3 to 5 are skipped.
3	Portal	When no valid token exists or the existing token is expired, sends a request to the Authority for a new access token using the client ID and client secret.
4	Authority	Sends back an access token.
5	Portal	Stores the retrieved access token in the session.
6	Portal	Uses the stored access token to send authenticated requests to Business Central.
7	User	Uses the portal, now connected successfully to Business Central.

Notes Client Credentials Flow (AzApp mode) is the preferred mode because it does not require user interaction.

In Authorization Code Flow, the portal contacts Business Central in an authenticated manner through these steps:

#	Actor	Step
1	User	Accesses the portal.
2	Portal	Checks if a valid token exists in the session. If it does, steps 3 to 8 are skipped.
3	Portal	When no valid token exists or the existing token is expired, redirects the user to the `Authority URI` to request an authorization code.
4	User	Logs in to their Microsoft account if not already logged in.
5	User	Authorizes the app if not already authorized.
6	Authority	Redirects the user back to the URL defined as the `RedirectURI`, with an authorization code.
7	Portal	Sends a server-side request to the Authority to get an access (Bearer) token using the received authorization code.
8	Portal	Stores the retrieved access token in the session.
9	Portal	Uses the stored access token to send authenticated requests to Business Central.
10	User	Uses the portal, now connected successfully to Business Central.