In a recent event we had with the partners community on the new Dynamics 365 Business Central 2022 Wave 1 release (version 20) we received some questions and requests of clarifications about Basic authentication deprecation.
The reason of this quick post is trying to clarify what happens on Basic Authentication in Dynamics 365 Business Central SaaS from version 20. As you know, Microsoft announced time ago that Basic authentication is deprecated on the SaaS environment and now you need to start using the OAuth 2.0 authorization protocol.
Simply speaking, OAuth 2.0 is a standard authorization protocol designed to allow an application to access resources hosted by other applications on behalf of a user. OAuth 2.0 provides consented access and restricts actions of what the client app can perform on resources on behalf of the user, without ever sharing the user’s credentials. OAuth 2.0 uses Access Tokens (that essentially are data that represents the authorization to access resources on behalf of the end-user) and scopes (used to specify exactly the reason for which access to resources may be granted). OAuth flows are essentially processes supported by OAuth for authorization and resource owners for authentication. There are OAuth flows enabling users to enter credentials via an OAuth login prompt directly into the app, or even supporting authentication without user involvement for back-end systems.
But what about the future of Basic authentication and OAuth 2.0 in Dynamics 365 Business Central? Let’s try to fix some points…
They 4 key points to remember are the following:
- Basic Authentication is deprecated on version 20 and it will be unsupported started from now (no support requests).
- New tenants created on version 20 cannot use Basic authentication.
- Existing tenants upgraded to version 20 can continue to use Basic authentication.
- Basic authentication will be disabled for everyone on Dynamics 365 Business Central version 21.
Despite the possibility of point 3, please upgrade all your integrations to OAuth as soon as possible. There’s no valid reasons to wait, OAuth is quite easy to setup and absolutely more secure and future proof.