feat(TDI-48543): MSCRM ROPC flow supported / fix lib version

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/pom.xml

@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.talend.components</groupId>
     <artifactId>talend-mscrm</artifactId>
-    <version>3.10.2-20220831</version>
+    <version>3.10.3-20221013</version>
     <packaging>jar</packaging>
     <description>A forked Talend-MSCRM library, developed to use in Studio 7.3.1 only. It's main intention is to contain CVE fixes.</description>
 

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/ClientConfiguration.java

@@ -19,7 +19,7 @@ public final class ClientConfiguration {
     /*
      * Implemented authentication strategies for OData/MS CRM.
      */
-    public static enum AuthStrategyEnum {NTLM, OAUTH, OAUTH_PREMISE};
+    public static enum AuthStrategyEnum {NTLM, OAUTH, OAUTH_PREMISE, OAUTH_ROPC_PREMISE};
 
     /*
      * Kind of registered app on azure
@@ -46,6 +46,11 @@ public final class ClientConfiguration {
      */
     private String resource;
 
+    /*
+     * Scopes with a space delimitation
+     */
+    private String scope;
+
     /*
      * Username of the managed or federated user.
      */
@@ -71,14 +76,16 @@ public final class ClientConfiguration {
      */
     private String authoryEndpoint;
 
+    /*
+     * The OAuth token endpoint for ROPC
+     */
+    private String oauthTokenEndpoint;
+
     /*
      * The redirect URL
      */
     private String redirectURL;
 
-    /*
-     * The service API to retrieve the resource we ask for with oauth on-premise
-     */
     private String serviceAPI;
 
     private int maxRetryTimes = 5;
@@ -152,6 +159,14 @@ public final class ClientConfiguration {
         this.resource = resource;
     }
 
+    public String getScope(){
+        return this.scope;
+    }
+
+    public void setScope(String scope){
+        this.scope = scope;
+    }
+
     public String getUserName() {
         return userName;
     }
@@ -176,6 +191,14 @@ public final class ClientConfiguration {
         this.authoryEndpoint = authoryEndpoint;
     }
 
+    public String getOAuthTokenEndpoint(){
+        return this.oauthTokenEndpoint;
+    }
+
+    public void setOAuthTokenEndpoint(String oauthTokenEndpoint){
+        this.oauthTokenEndpoint = oauthTokenEndpoint;
+    }
+
     public int getMaxRetryTimes() {
         return maxRetryTimes;
     }
@@ -192,7 +215,6 @@ public final class ClientConfiguration {
 
     }
 
-
     public void setTimeout(int timeout) {
         this.timeout = timeout;
     }

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/ClientConfigurationFactory.java

@@ -74,4 +74,20 @@ public class ClientConfigurationFactory {
         return clientConfiguration;
     }
 
+    public final static ClientConfiguration buildOAuthPremiseROPCClientConfiguration(String userName, String password, String oauthTokenEndpoint,
+                                                                                     String serviceAPI, String clientId, String clientSecret,
+                                                                                     String forcedResource, String scope) {
+        ClientConfiguration clientConfiguration = new ClientConfiguration(AuthStrategyEnum.OAUTH_ROPC_PREMISE);
+        clientConfiguration.setUserName(userName);
+        clientConfiguration.setPassword(password);
+        clientConfiguration.setOAuthTokenEndpoint(oauthTokenEndpoint);
+        clientConfiguration.setClientId(clientId);
+        clientConfiguration.setClientSecret(clientSecret);
+        clientConfiguration.setServiceAPI(serviceAPI);
+        clientConfiguration.setForceResource(forcedResource);
+        clientConfiguration.setScope(scope);
+
+        return clientConfiguration;
+    }
+
 }

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/DynamicsCRMClient.java

@@ -126,6 +126,7 @@ public class DynamicsCRMClient implements IHttpClientFactoryObserver {
 
     private void init() throws AuthenticationException {
         odataClient = ODataClientFactory.getClient();
+
         if (clientConfiguration != null && serviceRootURL != null && serviceRootURL.indexOf("/api/data") > 0) {
             clientConfiguration.setResource(serviceRootURL.substring(0, serviceRootURL.indexOf("/api/data")));
         }

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/authentication/AuthStrategyFactory.java

@@ -36,6 +36,9 @@ public final class AuthStrategyFactory {
             case OAUTH_PREMISE:
                 authStrategy = new OAuthPremiseStrategyImpl(conf);
                 break;
+            case OAUTH_ROPC_PREMISE:
+                authStrategy = new OAuthPremiseROPCStrategyImpl(conf);
+                break;
         }
 
         return authStrategy;

main/plugins/org.talend.designer.components.libs/libs_src/talend-mscrm/src/main/java/org/talend/ms/crm/odata/authentication/OAuthPremiseROPCStrategyImpl.java

@@ -0,0 +1,160 @@
+package org.talend.ms.crm.odata.authentication;
+
+import com.google.gson.Gson;
+import com.google.gson.JsonIOException;
+import com.google.gson.JsonSyntaxException;
+import com.google.gson.stream.JsonReader;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.olingo.client.api.communication.request.ODataRequest;
+import org.apache.olingo.commons.api.http.HttpHeader;
+import org.talend.ms.crm.odata.ClientConfiguration;
+import org.talend.ms.crm.odata.authentication.httpclienthelper.HttpClient;
+import org.talend.ms.crm.odata.authentication.httpclienthelper.HttpResponse;
+import org.talend.ms.crm.odata.authentication.httpclienthelper.RequestHttpContext;
+import org.talend.ms.crm.odata.authentication.httpclienthelper.Token;
+import org.talend.ms.crm.odata.httpclientfactory.IHttpclientFactoryObservable;
+import org.talend.ms.crm.odata.httpclientfactory.OAuthHttpClientFactory;
+
+import javax.naming.AuthenticationException;
+import java.io.IOException;
+import java.io.StringReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.atomic.AtomicInteger;
+
+public class OAuthPremiseROPCStrategyImpl implements IAuthStrategy {
+
+    private final static int MAX_REDIRECT_AUTH_CODE = 3;
+
+    private final ClientConfiguration conf;
+
+    private Token token;
+    private OAuthHttpClientFactory httpClientFactory;
+
+
+    OAuthPremiseROPCStrategyImpl(ClientConfiguration conf) {
+        this.conf = conf;
+    }
+
+    @Override
+    public void init() throws AuthenticationException {
+        oauthFlow();
+    }
+
+    @Override
+    public IHttpclientFactoryObservable getHttpClientFactory() throws AuthenticationException {
+        oauthFlow();
+
+        if (httpClientFactory == null) {
+            httpClientFactory = new OAuthHttpClientFactory(this.conf);
+        }
+
+        return httpClientFactory;
+    }
+
+    @Override
+    public void refreshAuth() throws AuthenticationException {
+        oauthFlow();
+    }
+
+    @Override
+    public void configureRequest(ODataRequest request) {
+        request.addCustomHeader(HttpHeader.AUTHORIZATION, "Bearer " + token.getAccess_token());
+    }
+
+    @Override
+    public void configureRequest(HttpRequestBase request) {
+        request.addHeader(HttpHeader.AUTHORIZATION, "Bearer " + token.getAccess_token());
+    }
+
+    private void oauthFlow() throws AuthenticationException {
+        int retry = 0;
+
+        while (true) {
+            retry++;
+            try {
+                final Optional<Token> token = retrieveToken();
+                if (token.isPresent()) {
+                    this.token = token.get();
+                    break;
+                } else {
+                    throw new IllegalArgumentException("Can't retrieve oauth token, but no exception has been raised.");
+                }
+
+            } catch (IOException | InterruptedException | IllegalArgumentException e) {
+                if (retry < conf.getMaxRetryTimes()) {
+                    try {
+                        Thread.sleep(conf.getIntervalTime());
+                    } catch (InterruptedException e1) {
+                        // ignore
+                    }
+                    continue;
+                }
+
+                throw new AuthenticationException("Can't retrieve ms crm oauth token after '" + retry + "' retries : " + e.getMessage());
+            }
+        }
+    }
+
+    private Token json2Token(String json) throws JsonIOException, JsonSyntaxException {
+        Gson gson = new Gson();
+        JsonReader jsr = new JsonReader(new StringReader(json));
+        return gson.fromJson(jsr, Token.class);
+    }
+
+    private Optional<Token> retrieveToken() throws IOException, InterruptedException, IllegalArgumentException {
+        Map<String, String> body = new HashMap<>();
+        body.put("grant_type", "password");
+        body.put("username", conf.getUserName());
+        body.put("password", conf.getPassword());
+        body.put("client_id", conf.getClientId());
+
+        if (conf.getClientSecret() != null && !"".equals(conf.getClientSecret().trim())) {
+            body.put("client_secret", conf.getClientSecret());
+        }
+
+        if(conf.getForceResource() != null && !conf.getForceResource().trim().isEmpty()) {
+            body.put("resource", conf.getForceResource());
+        }
+
+        if (conf.getScope() != null && !conf.getScope().trim().isEmpty()) {
+            body.put("scope", conf.getScope());
+        }
+
+        Map<String, String> headers = new HashMap<>();
+        headers.put("Content-Type", "application/x-www-form-urlencoded");
+
+
+        RequestHttpContext queryContext = new RequestHttpContext("POST",
+                conf.getOAuthTokenEndpoint(),
+                Collections.emptyMap(),
+                headers,
+                true,
+                conf.getTimeout() * 1000,
+                conf.getTimeout() * 1000);
+
+        queryContext.setBodyContent(body);
+
+        HttpClient client = new HttpClient(queryContext);
+
+        // Redirect are followed by the java http client
+        final HttpResponse call = client.call(new AtomicInteger(-1), e -> true);
+
+        if (call.getStatus() < 200 && call.getStatus() >= 300) {
+            throw new IllegalArgumentException(String.format("Failing retrieving MS CRM OAuth token with ROPC flow, return status is %s\n%s", call.getStatus(), call.getBody()));
+        }
+
+        Token token = null;
+        try {
+            token = json2Token(call.getBody());
+        } catch (JsonIOException | JsonSyntaxException e) {
+            throw new IllegalArgumentException("Can't parse retrieve ms crm oauth token : " + e.getMessage(), e);
+        }
+        return Optional.ofNullable(token);
+    }
+
+}

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmInput/tMicrosoftCrmInput_begin_odata.javajet

@@ -35,6 +35,13 @@ if ((metadatas != null) && (metadatas.size() > 0)) {
 			String applicationId = ElementParameterParser.getValue(node, "__APPLICATION_ID__");
 			String clientSecret = ElementParameterParser.getValue(node, "__CLIENT_SECRET__");
 			String authority = ElementParameterParser.getValue(node, "__AUTHORITY__");
+			String oauthTokenEndpoint = ElementParameterParser.getValue(node, "__OAUTH_TOKEN_ENDPOINT__");
+			String premiseOAuthFlow = ElementParameterParser.getValue(node, "__PREMISE_AUTH_FLOW__");
+			if(premiseOAuthFlow == null || premiseOAuthFlow.trim().isEmpty()){
+				// I set a default value
+				premiseOAuthFlow = "AUTHORIZATION_CODE";
+			}
+
 			String timeout = ElementParameterParser.getValue(node, "__TIMEOUT__");
 			boolean reuseHttpClient = ("true").equals(ElementParameterParser.getValue(node,"__REUSE_HTTP_CLIENT__"));
 
@@ -45,6 +52,8 @@ if ((metadatas != null) && (metadatas.size() > 0)) {
 		    String oauth_resource = ElementParameterParser.getValue(node, "__OAUTH_RESOURCE__");
 		    oauth_resource = force_oauth_resource ? oauth_resource : null;
 
+		    String oauth_scope = ElementParameterParser.getValue(node, "__OAUTH_SCOPE__");
+
 			// TODO Because of current retrieve would close httpclient automatically
         	// Need to recreated httpclient for every page query
 			reuseHttpClient =false;
@@ -93,10 +102,19 @@ if ((metadatas != null) && (metadatas.size() > 0)) {
 			<%
 				}
 				else{
+					if("ROPC".equals(premiseOAuthFlow)) {
+			%>
+					    org.talend.ms.crm.odata.ClientConfiguration clientConfig_<%=cid%> = org.talend.ms.crm.odata.ClientConfigurationFactory
+					.buildOAuthPremiseROPCClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=oauthTokenEndpoint%>, <%=serviceURL%>, <%=applicationId%>, <%=clientSecret%>, <%=oauth_resource%>, <%=oauth_scope%>);
+					
+			<%
+					}
+					else {
 			%>
 			    org.talend.ms.crm.odata.ClientConfiguration clientConfig_<%=cid%> = org.talend.ms.crm.odata.ClientConfigurationFactory
                         .buildOAuthPremiseClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=authority%>, <%=serviceURL%>,<%=applicationId%>, <%=clientSecret%>, <%=redirectUrl%>, <%=oauth_resource%>);
 			<%
+					}
 				}
 			    } else {
 			    	if("NATIVE".equals(onlineRegisterApp)){

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmInput/tMicrosoftCrmInput_java.xml

@@ -67,6 +67,15 @@
             </ITEMS>
         </PARAMETER>
 
+        <PARAMETER NAME="PREMISE_AUTH_FLOW" FIELD="CLOSED_LIST" NUM_ROW="5"
+            REQUIRED="true" SHOW_IF="(HIDDEN_OAUTH_PREMISE=='true' AND (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH'))">
+            <ITEMS DEFAULT="AUTHORIZATION_CODE">
+                <ITEM NAME="AUTHORIZATION_CODE" VALUE="AUTHORIZATION_CODE" />
+                <ITEM NAME="ROPC" VALUE="ROPC" />
+            </ITEMS>
+        </PARAMETER>
+	
+
         <PARAMETER NAME="ONLINE_REGISTERED_APP" FIELD="CLOSED_LIST" NUM_ROW="5"
             REQUIRED="true" SHOW_IF="(AUTH_TYPE == 'ONLINE') AND (API_VERSION == 'API_2016_ODATA' OR API_VERSION == 'API_2018_ODATA')">
             <ITEMS DEFAULT="NATIVE">
@@ -141,11 +150,15 @@
             <DEFAULT>""</DEFAULT>
         </PARAMETER>
 
-        <PARAMETER NAME="AUTHORITY" FIELD="TEXT" NUM_ROW="35" REQUIRED="true" SHOW_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA')) OR (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH')">
+        <PARAMETER NAME="AUTHORITY" FIELD="TEXT" NUM_ROW="35" REQUIRED="true" SHOW_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA')) OR (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH' AND PREMISE_AUTH_FLOW=='AUTHORIZATION_CODE')">
             <DEFAULT>"https://login.windows.net/common/oauth2/authorize"</DEFAULT>
         </PARAMETER>
 
-        <PARAMETER NAME="REDIRECT_URL" FIELD="TEXT" NUM_ROW="37" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH')">
+        <PARAMETER NAME="OAUTH_TOKEN_ENDPOINT" FIELD="TEXT" NUM_ROW="35" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH' AND PREMISE_AUTH_FLOW=='ROPC')">
+            <DEFAULT>"https://mydomain.com/adfs/oauth2/token"</DEFAULT>
+        </PARAMETER>
+
+        <PARAMETER NAME="REDIRECT_URL" FIELD="TEXT" NUM_ROW="37" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH' AND PREMISE_AUTH_FLOW=='AUTHORIZATION_CODE')">
             <DEFAULT>"https://localhost"</DEFAULT>
         </PARAMETER>
 
@@ -27515,6 +27528,9 @@
 	<PARAMETER NAME="OAUTH_RESOURCE" FIELD="TEXT" NUM_ROW="50" SHOW_IF="(AUTH_TYPE == 'ON_PREMISE' AND MS_CRM_VERSION == 'CRM_2016_ODATA' AND PREMISE_AUTH == 'OAUTH' AND FORCE_OAUTH_RESOURCE == 'true')">
 		<DEFAULT>"https://talend.api.crm.dynamics.com"</DEFAULT>
 	</PARAMETER>
+	<PARAMETER NAME="OAUTH_SCOPE" FIELD="TEXT" NUM_ROW="55" SHOW_IF="(AUTH_TYPE == 'ON_PREMISE' AND MS_CRM_VERSION == 'CRM_2016_ODATA' AND PREMISE_AUTH == 'OAUTH' AND PREMISE_AUTH_FLOW == 'ROPC')">
+		<DEFAULT>""</DEFAULT>
+	</PARAMETER>
         <PARAMETER NAME="EXPANDS" FIELD="TABLE" REQUIRED="false" NUM_ROW="60" NB_LINES="3" SHOW_IF="(((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA')) OR ((AUTH_TYPE=='ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018')))">
             <ITEMS>
                 <ITEM NAME="INPUT_COLUMN" FIELD="COLUMN_LIST" />
@@ -27558,7 +27574,7 @@
                 <IMPORT NAME="jcifs" MODULE="jcifs-1.3.0.jar" MVN="mvn:org.talend.libraries/jcifs-1.3.0/6.0.0"  REQUIRED_IF="((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2011')) OR (API_VERSION=='API_2007')" />
                 <!-- 2011 -->
                 <!-- crm client -->
-                <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.2-20220831.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.2-20220831" REQUIRED_IF="(((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE=='ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018')))" />
+                <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.3-20221013.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.3-20221013" REQUIRED_IF="(((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE=='ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018')))" />
                 <!-- axis2 1.7.4 -->
                 <IMPORT NAME="activation-1.1" MODULE="activation-1.1.jar" MVN="mvn:org.talend.libraries/activation-1.1/6.0.0"  UrlPath="platform:/plugin/org.talend.libraries.apache.axis2/lib/activation-1.1.jar" REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />
                 <IMPORT NAME="axiom-api-1.2.20" MODULE="axiom-api-1.2.20.jar" MVN="mvn:org.talend.libraries/axiom-api-1.2.20/6.0.0"  REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmInput/tMicrosoftCrmInput_messages.properties

@@ -336,6 +336,7 @@ CERTIFICATE_PATH.NAME=Trust Certificate
 
 APPLICATION_ID.NAME=Application ID
 AUTHORITY.NAME=OAuth authorization endpoint
+OAUTH_TOKEN_ENDPOINT.NAME=Token endpoint
 
 MAX_RECONN_ATTEMPS.NAME=Max number of reconnection attempts
 ATTEMPS_INTERVAL_TIME.NAME=Attempts interval time(milliseconds)
@@ -869,9 +870,13 @@ ENTITYSETV2018.ITEM.CustomEntitySet=CustomEntitySet
 PREMISE_AUTH.NAME=Mode
 PREMISE_AUTH.ITEM.NTLM=NTLM
 PREMISE_AUTH.ITEM.OAUTH=OAUTH 2.0
+PREMISE_AUTH_FLOW.NAME=Flow
+PREMISE_AUTH_FLOW.ITEM.AUTHORIZATION_CODE=AUTH CODE
+PREMISE_AUTH_FLOW.ITEM.ROPC=ROPC
 REDIRECT_URL.NAME=Redirect URL
 FORCE_OAUTH_RESOURCE.NAME=Force OAuth resource
 OAUTH_RESOURCE.NAME=Resource
+OAUTH_SCOPE.NAME=Scope
 EXPANDS.NAME=Expand entity
 EXPANDS.ITEM.INPUT_COLUMN=Expandable column
 EXPANDS.ITEM.EXPAND_PARAMS=OData query option

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmOutput/tMicrosoftCrmOutput_begin_odata.javajet

@@ -8,6 +8,12 @@
 	String applicationId = ElementParameterParser.getValue(node, "__APPLICATION_ID__");
 	String clientSecret = ElementParameterParser.getValue(node, "__CLIENT_SECRET__");
 	String authority = ElementParameterParser.getValue(node, "__AUTHORITY__");
+	String oauthTokenEndpoint = ElementParameterParser.getValue(node, "__OAUTH_TOKEN_ENDPOINT__");
+	String premiseOAuthFlow = ElementParameterParser.getValue(node, "__PREMISE_AUTH_FLOW__");
+	if(premiseOAuthFlow == null || premiseOAuthFlow.trim().isEmpty()){
+		// I set a default value
+		premiseOAuthFlow = "AUTHORIZATION_CODE";
+	}
 	
 	String timeout = ElementParameterParser.getValue(node, "__TIMEOUT__");
 	boolean reuseHttpClient = ("true").equals(ElementParameterParser.getValue(node,"__REUSE_HTTP_CLIENT__"));
@@ -19,6 +25,8 @@
         String oauth_resource = ElementParameterParser.getValue(node, "__OAUTH_RESOURCE__");
         oauth_resource = force_oauth_resource ? oauth_resource : null;
 
+	String oauth_scope = ElementParameterParser.getValue(node, "__OAUTH_SCOPE__");
+
 	%>
 	int nb_line_<%=cid%> = 0;
 	<%
@@ -78,10 +86,19 @@
     <%
        }
        else {
-    %>
-    org.talend.ms.crm.odata.ClientConfiguration clientConfig_<%=cid%> = org.talend.ms.crm.odata.ClientConfigurationFactory
-            .buildOAuthPremiseClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=authority%>, <%=serviceURL%>,<%=applicationId%>, <%=clientSecret%>, <%=redirectUrl%>, <%=oauth_resource%>);
-    <%
+			if("ROPC".equals(premiseOAuthFlow)) {
+	%>
+			    org.talend.ms.crm.odata.ClientConfiguration clientConfig_<%=cid%> = org.talend.ms.crm.odata.ClientConfigurationFactory
+			.buildOAuthPremiseROPCClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=oauthTokenEndpoint%>, <%=serviceURL%>, <%=applicationId%>, <%=clientSecret%>, <%=oauth_resource%>, <%=oauth_scope%>);
+			
+	<%
+			}
+			else {
+	%>
+			    org.talend.ms.crm.odata.ClientConfiguration clientConfig_<%=cid%> = org.talend.ms.crm.odata.ClientConfigurationFactory
+				    .buildOAuthPremiseClientConfiguration(<%=userName%>, decryptedPassword_<%=cid%>, <%=authority%>, <%=serviceURL%>,<%=applicationId%>, <%=clientSecret%>, <%=redirectUrl%>, <%=oauth_resource%>);
+	<%
+			}
        }
     } else {
     	if("NATIVE".equals(onlineRegisterApp)){

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmOutput/tMicrosoftCrmOutput_java.xml

@@ -67,6 +67,14 @@
             </ITEMS>
         </PARAMETER>
 
+        <PARAMETER NAME="PREMISE_AUTH_FLOW" FIELD="CLOSED_LIST" NUM_ROW="5"
+            REQUIRED="true" SHOW_IF="(HIDDEN_OAUTH_PREMISE=='true' AND (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH'))">
+            <ITEMS DEFAULT="AUTHORIZATION_CODE">
+                <ITEM NAME="AUTHORIZATION_CODE" VALUE="AUTHORIZATION_CODE" />
+                <ITEM NAME="ROPC" VALUE="ROPC" />
+            </ITEMS>
+        </PARAMETER>
+
         <PARAMETER NAME="ONLINE_REGISTERED_APP" FIELD="CLOSED_LIST" NUM_ROW="5"
             REQUIRED="true" SHOW_IF="(AUTH_TYPE == 'ONLINE') AND (API_VERSION == 'API_2016_ODATA' OR API_VERSION == 'API_2018_ODATA')">
             <ITEMS DEFAULT="NATIVE">
@@ -141,11 +149,15 @@
             <DEFAULT>""</DEFAULT>
         </PARAMETER>
 
-        <PARAMETER NAME="AUTHORITY" FIELD="TEXT" NUM_ROW="42" REQUIRED="true" SHOW_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA')) OR (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH')">
+        <PARAMETER NAME="AUTHORITY" FIELD="TEXT" NUM_ROW="42" REQUIRED="true" SHOW_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA')) OR (AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH' AND PREMISE_AUTH_FLOW=='AUTHORIZATION_CODE')">
             <DEFAULT>"https://login.windows.net/common/oauth2/authorize"</DEFAULT>
         </PARAMETER>
 
-        <PARAMETER NAME="REDIRECT_URL" FIELD="TEXT" NUM_ROW="43" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH')">
+        <PARAMETER NAME="OAUTH_TOKEN_ENDPOINT" FIELD="TEXT" NUM_ROW="42" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH' AND PREMISE_AUTH_FLOW=='ROPC')">
+            <DEFAULT>"https://mydomain.com/adfs/oauth2/token"</DEFAULT>
+        </PARAMETER>
+
+        <PARAMETER NAME="REDIRECT_URL" FIELD="TEXT" NUM_ROW="43" REQUIRED="true" SHOW_IF="(AUTH_TYPE=='ON_PREMISE' AND MS_CRM_VERSION=='CRM_2016' AND PREMISE_AUTH=='OAUTH' AND PREMISE_AUTH_FLOW=='AUTHORIZATION_CODE')">
             <DEFAULT>"https://localhost"</DEFAULT>
         </PARAMETER>
 
@@ -38277,6 +38289,9 @@
 	<PARAMETER NAME="OAUTH_RESOURCE" FIELD="TEXT" NUM_ROW="50" SHOW_IF="(AUTH_TYPE == 'ON_PREMISE' AND MS_CRM_VERSION == 'CRM_2016_ODATA' AND PREMISE_AUTH == 'OAUTH' AND FORCE_OAUTH_RESOURCE == 'true')">
 		<DEFAULT>"https://talend.api.crm.dynamics.com"</DEFAULT>
 	</PARAMETER>
+	<PARAMETER NAME="OAUTH_SCOPE" FIELD="TEXT" NUM_ROW="55" SHOW_IF="(AUTH_TYPE == 'ON_PREMISE' AND MS_CRM_VERSION == 'CRM_2016_ODATA' AND PREMISE_AUTH == 'OAUTH' AND PREMISE_AUTH_FLOW == 'ROPC')">
+		<DEFAULT>""</DEFAULT>
+	</PARAMETER>
         <PARAMETER NAME="HEADERS" FIELD="TABLE" REQUIRED="false" NUM_ROW="70" NB_LINES="3" SHOW_IF="(((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2016_ODATA' OR API_VERSION=='API_2018_ODATA')) OR ((AUTH_TYPE=='ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018')))">
             <ITEMS>
                 <ITEM NAME="KEY" FIELD="String" />
@@ -38317,7 +38332,7 @@
             <IMPORT NAME="jcifs" MODULE="jcifs-1.3.0.jar" MVN="mvn:org.talend.libraries/jcifs-1.3.0/6.0.0"  REQUIRED_IF="((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2011')) OR (API_VERSION=='API_2007')" />
             <!-- 2011 -->
             <!-- crm client -->
-            <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.2-20220831.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.2-20220831" REQUIRED_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018'))" />
+            <IMPORT NAME="talend-mscrm" MODULE="talend-mscrm-3.10.3-20221013.jar" MVN="mvn:org.talend.components/talend-mscrm/3.10.3-20221013" REQUIRED_IF="((AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011' OR API_VERSION =='API_2016_ODATA' OR API_VERSION =='API_2018_ODATA')) OR ((AUTH_TYPE == 'ON_PREMISE') AND (MS_CRM_VERSION == 'CRM_2016' OR MS_CRM_VERSION == 'CRM_2018'))" />
             <!-- axis2 1.7.4 -->
             <IMPORT NAME="activation-1.1" MODULE="activation-1.1.jar" MVN="mvn:org.talend.libraries/activation-1.1/6.0.0"  UrlPath="platform:/plugin/org.talend.libraries.apache.axis2/lib/activation-1.1.jar" REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />
             <IMPORT NAME="axiom-api-1.2.20" MODULE="axiom-api-1.2.20.jar" MVN="mvn:org.talend.libraries/axiom-api-1.2.20/6.0.0"  REQUIRED_IF="(AUTH_TYPE=='ONLINE') AND (API_VERSION=='API_2011')" />

main/plugins/org.talend.designer.components.localprovider/components/tMicrosoftCrmOutput/tMicrosoftCrmOutput_messages.properties

@@ -328,6 +328,7 @@ CERTIFICATE_PATH.NAME=Trust Certificate
 
 APPLICATION_ID.NAME=Application ID
 AUTHORITY.NAME=OAuth authorization endpoint
+OAUTH_TOKEN_ENDPOINT.NAME=Token endpoint
 
 EMPTY_LOOKUP_TO_NULL.NAME=Transform empty lookup string values to NULL
 IGNORE_NULL.NAME=Ignore Null
@@ -859,9 +860,13 @@ ENTITYSETV2018.ITEM.CustomEntitySet=CustomEntitySet
 PREMISE_AUTH.NAME=Mode
 PREMISE_AUTH.ITEM.NTLM=NTLM
 PREMISE_AUTH.ITEM.OAUTH=OAUTH 2.0
+PREMISE_AUTH_FLOW.NAME=Flow
+PREMISE_AUTH_FLOW.ITEM.AUTHORIZATION_CODE=AUTH CODE
+PREMISE_AUTH_FLOW.ITEM.ROPC=ROPC
 REDIRECT_URL.NAME=Redirect URL
 FORCE_OAUTH_RESOURCE.NAME=Force OAuth resource
 OAUTH_RESOURCE.NAME=Resource
+OAUTH_SCOPE.NAME=Scope
 
 HEADERS.NAME=Custom headers
 HEADERS.ITEM.KEY=Name