Access token not being regenerated after expiration

NishkalaPuli
New Contributor II

Below is my connection JSON:

{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "https://login.microsoftonline.com/********590103f3/oauth2/v2.0/token",
      "httpMethod": "GET",
      "httpHeaders": {},
      "httpParams": {
        "grant_type": "client_credentials",
        "client_id": "12d*******e6cfb1",
        "scope": "api://007d0**********059de/.default",
        "client_secret": "M2c8Q~************WeIzaE~"
      },
      "expiryError": "Unauthorized. Access token is missing or invalid.",
      "authError": [
        "Unauthorized. Access token is missing or invalid.",
        "HTTP ERROR",
        "USER_AUTHENTICATION_FAILED",
        "PARTNER_AUTHENTICATION_FAILED",
        "Authentication Failed",
        "Authentication failed.",
        "Unauthorized",
        "InvalidAuthenticationToken",
        "AuthenticationFailed",
        "Authentication_MissingOrMalformed",
        "Authentication_ExpiredToken",
        "unauthorized_client",
        "HTTP ERROR: 401",
        "statusCode: 401",
        "401 Unauthorized",
        "401",
        "403",
        "400",
        "Access token is missing or invalid"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "message",
      "maxRefreshTryCount": 6,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer testrandval",
      "retryFailureStatusCode": [
        401,
        400,
        403,
        500
      ]
    }
  }
}

I am not able to generate the access token.

9 REPLIES

NishkalaPuli
New Contributor II

Below is the response via Postman if I pass an invalid token to create an account:

{
    "statusCode": 401,
    "message": "Unauthorized. Access token is missing or invalid."
}

If I pass the right token at "accessToken": "Bearer testrandval", instead of using testrandval, the account is created. In the createaccount JSON I am using this:

"Authorization": "${access_token}"

NishkalaPuli
New Contributor II

Please let me know the changes to be made. Also, if the client secret has ~ as a part of it, is it okay?

Example client secret: ***~******~EU_nmroWeIzaE~

Does Saviynt allow this?

Please provide a Postman screenshot.

Please share the curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi,

Below is the curl command:

--header 'content: application/x-www-form-urlencoded' \
--header 'Authorization: Basic MTJkMDIyMDUtYjNkM*****mIxOk0yYzhRfk5DRHNEVVZvNG04ZWpNc3FPcmN+RVVfbm1yb1dlSXphRX4=' \
--header 'Cookie: fpc=AnAlVRNhfvJCpQbRC-IAH2eClf7WAgAAABZ-rd0OAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=12d02205-b3d*****b04fe6cfb1' \
--data-urlencode 'client_secret=M2c8Q~NCDsDUVo4*******mroWeIzaE~' \
--data-urlencode 'scope=api://007d03a1-18fe-******495e6b059de/.default'

Can you share the logs to see what error is coming? Enable showlogs=true.


Regards,
Rushikesh Vartak

Manu269
All-Star

@NishkalaPuli can you please add more details on what assistance you are looking for?

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos.

Falcon
Saviynt Employee

Disclaimer - This response is created by AI and may not be accurate. Please verify the information before use. Your feedback helps us improve.

It seems like the main issue with your connection JSON could be related to the HTTP method specified for obtaining the OAuth2 token. OAuth2 typically requires a "POST" request to retrieve the token, but your JSON specifies "GET". Let's address this along with any other potential discrepancies:

  1. HTTP Method: Change "httpMethod": "GET" to "httpMethod": "POST" as OAuth2 token endpoint generally expects a POST request.

  2. Content-Type Header: Ensure you are setting the "Content-Type" to "application/x-www-form-urlencoded" if required by the token endpoint.

  3. Scope of Token: Verify that the scope specified is correct and matches exactly with what the OAuth2 server expects.

  4. Error Handling: You have a comprehensive list of possible authentication errors. Ensure these are the specific errors returned by your OAuth2 server.

  5. Retry Mechanism: Your retryFailureStatusCode list is good. However, check if there are other status codes that the token endpoint might return which should trigger a retry.

Here is an updated version of your connection JSON:

{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "url": "https://login.microsoftonline.com/********590103f3/oauth2/v2.0/token",
      "httpMethod": "POST",
      "httpHeaders": {
        "Content-Type": "application/x-www-form-urlencoded"
      },
      "httpParams": {
        "grant_type": "client_credentials",
        "client_id": "12d*******e6cfb1",
        "scope": "api://007d0**********059de/.default",
        "client_secret": "M2c8Q~************WeIzaE~"
      },
      "expiryError": "Unauthorized. Access token is missing or invalid.",
      "authError": [
        "Unauthorized. Access token is missing or invalid.",
        "HTTP ERROR",
        "USER_AUTHENTICATION_FAILED",
        "PARTNER_AUTHENTICATION_FAILED",
        "Authentication Failed",
        "Authentication failed.",
        "Unauthorized",
        "InvalidAuthenticationToken",
        "AuthenticationFailed",
        "Authentication_MissingOrMalformed",
        "Authentication_ExpiredToken",
        "unauthorized_client",
        "HTTP ERROR: 401",
        "statusCode: 401",
        "401 Unauthorized",
        "401",
        "403",
        "400",
        "Access token is missing or invalid"
      ],
      "timeOutError": "Read timed out",
      "errorPath": "message",
      "maxRefreshTryCount": 6,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer testrandval",
      "retryFailureStatusCode": [
        401,
        400,
        403,
        500
      ]
    }
  }
}

Please update your JSON according to the given recommendations, and check if your access token is successfully generated. Make sure the endpoint URL, client ID, and client secret are all correctly specified and that the client has permissions for the scope requested.
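
An added example (not part of the thread and not Saviynt code) that checks a connection JSON for the two problems the reply above names, GET on the token request and a missing Content-Type header, and form-encodes httpParams to show that a `~` in the client secret passes through the encoding unescaped. The tenant, client and secret values are constructed placeholders, and `lint_oauth2`, `fixed` and `token_request_body` are hypothetical helper names.

```python
import copy
from urllib.parse import urlencode

FORM = "application/x-www-form-urlencoded"

# Constructed sample mirroring the thread's connection JSON; every value is a
# placeholder and the helper names below are illustrative, not Saviynt APIs.
ORIGINAL = {"authentications": {"acctAuth": {
    "authType": "oauth2",
    "url": "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/v2.0/token",
    "httpMethod": "GET",
    "httpHeaders": {},
    "httpParams": {
        "grant_type": "client_credentials",
        "client_id": "CLIENT_ID_PLACEHOLDER",
        "scope": "api://APP_ID_PLACEHOLDER/.default",
        "client_secret": "abc~CONSTRUCTED_secret~",
    },
}}}

def lint_oauth2(conn):
    """Return one finding per problem in each oauth2 entry under 'authentications'."""
    findings = []
    for name, auth in conn.get("authentications", {}).items():
        if auth.get("authType") != "oauth2":
            continue
        method = str(auth.get("httpMethod", "")).upper()
        if method != "POST":
            findings.append(f"{name}: httpMethod is {method or 'unset'}, token endpoint expects POST")
        headers = {k.lower(): v for k, v in auth.get("httpHeaders", {}).items()}
        if headers.get("content-type") != FORM:
            findings.append(f"{name}: Content-Type is not {FORM}")
        for key in ("grant_type", "client_id", "client_secret", "scope"):
            if not auth.get("httpParams", {}).get(key):
                findings.append(f"{name}: httpParams.{key} is missing or empty")
    return findings

def token_request_body(auth):
    """Form-encode httpParams as they would travel in the POST body."""
    return urlencode(auth["httpParams"])

def fixed(conn):
    """Apply the two changes the reply recommends to a copy of the config."""
    out = copy.deepcopy(conn)
    for auth in out["authentications"].values():
        auth["httpMethod"] = "POST"
        auth["httpHeaders"]["Content-Type"] = FORM
    return out

if __name__ == "__main__":
    print(lint_oauth2(ORIGINAL), lint_oauth2(fixed(ORIGINAL)))
    print(token_request_body(ORIGINAL["authentications"]["acctAuth"]))
```

`~` is an unreserved character in RFC 3986, so the form encoding leaves it as is, while `:` and `/` in the scope are percent-encoded.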