Add a Step 4 to OBO another API than Graph

[marc-personeni]

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Not applicable

Any log messages given by the failure

Not applicable

Expected/desired behavior

Demonstrated ability to call a downstream API. Something similar to what you did with https://github.com/Azure-Samples/active-directory-dotnet-webapi-onbehalfof-ca

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) Windows 10

Versions

Same Same Same

Mention any other details that might be useful

I used Step 2 as a baseline, got it to work, added a "CrmController" that I copy-pasted-adapted to receive a GET on /api/crm and issue a GET to https://myorg.crm6.dynamics.com/api/data/v9.1/accounts (a url that works well with Chrome's RestLet addon). Using the WPF client (I added a button to call /api/crm) I bump in a consent flow. I get a message box telling me that "consent is needed", I click OK, the browser opens and tells me that I have already consented to "TodoListService". This leads me to believe that I think I am requesting a token for dynamics url, but in fact it requests it elsewhere. I can see in the Visual Studio output it cannot find "user_impersonation" scope (a dynamics one) in the application which object id is "00000003-0000-0000-c000-000000000000" whereas dynamics is "00000007-0000-0000-c000-000000000000".

---

Thanks! We'll be in touch soon.

[jmprieur]

@marc-personeni you'll find the OBO sample here: https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph

[TiagoBrenck]

We have also changed the scope to access_as_user recently. Can you make sure that your repository is updated?