Question 130 of 130 from exam PL-400: Microsoft Power Platform Developer

Q: Please select the three application manifest attributes the web developer should set to true to access the Dataverse data using Postman. Here is the part of the manifest file.

allowPublicClientoauth2AllowIdTokenImplicitFlowoauth2AllowImplicitFlow.

Prev Question

Question

Please select the three application manifest attributes the web developer should set to true to access the Dataverse data using Postman.

Here is the part of the manifest file.

"id": "c84cb573-f476-4c0d-9bcf-f3dd5ab1317e",
"acceptMappedClaims": null,

"addins": [],

“appId": '"e06008c9-775c—41e8-960f-49bf383d46a2",
"appRoles": [],

"createdDateTime": "2021-04-17T06:29:57Z",
"“disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [GB],
"informationalUrls": {Dp},
"keyCredentials": [],
"knownClientApplications": [],

"LogoUrl": null,

"LogoutUrl": null,

"name": "CBFunctionAppAsAPI",

Answers

A. accessTokenAcceptedVersion

B. allowPublicClient

C. oauth2AllowUrlPathMatching

D. oauth2AllowIdTokenImplicitFlow

E. oauth2AllowImplicitFlow.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

Correct Answers: B, D and E

The OAuth 2.0 is the industry-standard security protocol.

It is based on specific authorization flows for applications and devices that providers define.

The providers' list includes Azure AD, Basecamp, Dropbox, GitHub, Google, Instagram, Facebook, Salesforce, and others.

When you create a client application that uses the Dataverse data, you need to use the Azure AD as the identity provider.

For the .Net client, you use the Azure Active Directory Authentication Libraries (ADAL) for Azure AD authentication.

If the client application is Windows-based, you use the XmrTooling APIs for authentication.

The result of the authentication is the access token.

But you can use these libraries and get the token only after you register your application within your Azure AD tenant.

There are two types of client applications you can register: Web app/API and Native.

The Web app/API is an application that executes on the web server.

The Native type is running natively on the device.

When you use the Postman for the Dataverse data access, you need to edit the application manifest and set the three attributes allowPublicClient, oauth2AllowIdTokenImplicitFlow, and oauth2AllowImplicitFlow to true.

"id": "c84cb573-f476-4c0d-9bcf-f3dd5ab1317e",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": null,

"addins": [],

"allowPublicCli
"appiId": '"eQ6008c9-775c—41e8-960f-49bf383d46a2",
"appRoles": [],

"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2021-@4-17T06:29:57Z",
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [GD],

"informationalUrls": { GD},

"keyCredentials": [],

"knownClientApplications": [],

"LogoUrl": null,
"LogoutUrl": null,

"name": "CBFunctionAppAsAPI",

After the app registration and adding the permissions to the Dataverse access, you can request the OAuth 2.0 access token using the Postman.

Then you can use this token to query the Dataverse database.

All other options are incorrect.

For more information about using the Postman to access the Dataverse data, please visit the below URL:

Prev Question