Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Refresh token is not working automatically

Sankar
New Contributor
New Contributor

Hi All,

I am using REST connector for an application integration. I am using the below connection Json and it is working when I pasted to connection JSON parameter under connection. 

After the token is expired, I could see the below error in logs.

++++++++++++++++++

2023-11-15 04:42:42,765 [quartzScheduler_Worker-5] DEBUG services.HttpClientUtilityService - called api...
2023-11-15 04:42:42,765 [quartzScheduler_Worker-5] DEBUG services.HttpClientUtilityService - timeout validated for api...
2023-11-15 04:42:42,765 [quartzScheduler_Worker-5] DEBUG services.HttpClientUtilityService - got response for api...
2023-11-15 04:42:42,765 [quartzScheduler_Worker-5] DEBUG rest.RestUtilService - Got showLogs = true
2023-11-15 04:42:42,766 [quartzScheduler_Worker-5] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Content-Type: application/json; charset=utf-8, Content-Length: 23, Vary: Origin, X-Kong-Response-Latency: 0, Date: Wed, 15 Nov 2023 04:42:42 GMT, Connection: keep-alive, Content-Security-Policy: default-src 'none', X-Frame-Options: DENY, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, Strict-Transport-Security: max-age=31536000;preload], responseText:{"exp":"token expired"}, cookies:[], statusCode:401]

++++++++++++++++++++++++++

Once I saw this message, I pasting the same Json to connectionJson parameters.

And again it is working.

Automatically the token is not refreshing.

Can you please help me with this.

+++++++++++++++++++++++++++++++++++

Connection Json:

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"httpParams": {
"grant_type": "client_credentials",
"refresh_token": "${refresh_token}"
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded",
"Authorization": "Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"authError": [
"InvalidAuthenticationToken",
"User Not Authenticated"
],
"url": "https://api.XXXXXX.com/accounts/connect/token ",
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",
"retryFailureStatusCode": []
}
}
}

+++++++++++++++++++++++++++++

Postman Response:

Sankar_0-1700753944750.png

 

Thanks,

Sankar

[This message has been edited by moderator to remove sensitive info]

19 REPLIES 19

rushikeshvartak
All-Star
All-Star

Can you share curl url to check parameters being sent 

additionally accessToken is missing

Json:

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"httpParams": {
"grant_type": "client_credentials",
"refresh_token": "${refresh_token}"
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded",
"Authorization": "Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"authError": [
"InvalidAuthenticationToken",
"User Not Authenticated"
],
"url": "https://api.XXXXXX.com/accounts/connect/token ",
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",

"accessToken": "Bearer abcd",
"retryFailureStatusCode": []
}
}
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sankar
New Contributor
New Contributor

Hi @rushikeshvartak ,

Please find the Curl command from api docs.

++++++++++++++++++++++++++

curl --location --request POST 'https://api.XXXXXX.com/accounts/connect/token' \

--header 'Content-Type: application/x-www-form-urlencoded' \

--header 'Authorization: Basic <credentials>' \

--data-urlencode 'grant_type=client_credentials'

# <credentials> is the base64 encoding of the consumer key and consumer secrect of the WalkMe account joined by a colon.

+++++++++++++++++++++++++

 

Thanks,
Sankar.

Sankar
New Contributor
New Contributor

Also, I have one Query, From the postman I could see token_type for Bearer.

But in Connection json, we are using, "tokenType" : "Bearer"

Will this also an issue?

Please confirm this.

Thanks,
Sankar.

Sankar
New Contributor
New Contributor

Hi @rushikeshvartak ,

As you suggested, I have added the "accessToken": "Bearer abcd" into connection json. Even though, I got the token expired error.

Please find the logs as below.

+++++++++++++++++++++++++++++++++

2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - called api...
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - timeout validated for api...
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - got response for api...
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestUtilService - Got showLogs = true
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Content-Type: application/json; charset=utf-8, Content-Length: 23, Vary: Origin, X-Kong-Response-Latency: 2, Date: Fri, 24 Nov 2023 15:13:01 GMT, Connection: keep-alive, Content-Security-Policy: default-src 'none', X-Frame-Options: DENY, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, Strict-Transport-Security: max-age=31536000;preload], responseText:{"exp":"token expired"}, cookies:[], statusCode:401]
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::401
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestProvisioningService - responseError : null
2023-11-24/15:13:01.072 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestProvisioningService - isAuthError: false

++++++++++++++++++++++++++++++++++++++

Please also find the connection which I used.

+++++++++++++++++++++

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"httpParams": {
"grant_type": "client_credentials",
"refresh_token": "${refresh_token}"
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded",
"Authorization": "Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
},
"authError": [
"InvalidAuthenticationToken",
"User Not Authenticated"
],
"url": "https://api.XXXXXX.com/accounts/connect/token",
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer abcd",
"authHeaderName": "Authorization",
"retryFailureStatusCode": []
}
}
}

+++++++++++++++++++++

 

Can Someone help me on this.

 

Thanks,
Sankar.

 

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"httpParams": {
"grant_type": "client_credentials",
"refresh_token": "${refresh_token}"
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded",
"Authorization": "Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"authError": [
"InvalidAuthenticationToken",
"User Not Authenticated"
],
"url": "https://api.XXXXXX.com/accounts/connect/token ",
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",

"accessToken": "Bearer abcd",
"retryFailureStatusCode": [401]
}
}
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak 

I will check the given json and keep you posted. 

Can you please confirm one thing, For my application I don't refresh token in POST call still we ned to use refresh token in Json.

Thanks,

Sankar.

Rishi
Saviynt Employee
Saviynt Employee

Please refer to this JSON developer document, it has examples on parameters to map refresh token.
https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm

Let us know in case you still have question.

Sankar
New Contributor
New Contributor

Hi Rishi,

For my application, I don't have refresh token through POST Api calls.

 

Actually through POST call I am authenticating and generating the access token for 24hrs. Using the access I need do the other operations. So no refresh token for this application.

Can you please help with this.

Thanks,
sankar.

Can you share curl command output from postman

rushikeshvartak_0-1701927868684.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sankar
New Contributor
New Contributor

Hi @rushikeshvartak ,

Please find the curl command for thesame.

Sankar_0-1701933020541.png

Thanks,
Sankar.

 

{
"authentications": {
"userAuth": {
"authType": "Basic",
"httpParams": {
"grant_type": "client_credentials",
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded",
"Authorization": "Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"authError": [
"InvalidAuthenticationToken",
"User Not Authenticated"
],
"url": "https://api.XXXXXX.com/accounts/connect/token ",
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",

"accessToken": "Bearer abcd",
"retryFailureStatusCode": [401]
}
}
}

Refer Basic auth documentation : https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Developers-Handbook.htm


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak ,

I tried with the given sample Json, But it is not working. We are getting unauthorized error.

 

Please find the JSON and respective logs.

JSON:

{
"authentications": {
"userAuth": {
"authType": "Basic",
"httpParams": {
"grant_type": "client_credentials",
},
"httpHeaders": {
"contentType": "application/x-www-form-urlencoded",
"Authorization": "Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"authError": [
"InvalidAuthenticationToken",
"User Not Authenticated"
],
"url": "https://api.xxxxxx.com/accounts/connect/token",
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"errorPath": "error.message",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"authHeaderName": "Authorization",
"accessToken": "Bearer xxxxxxxxxxxxxx",
"retryFailureStatusCode": [401]
}
}
}

Logs:

2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestProvisioningService - Calling Webservice Url - https://api.walkme.com/public/v1/scim/AccessRoles with httpParams - null
2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - calling executeRequestWithTimeoutConfig for api...
2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - Enter getTimeOutConfig
2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - connectionType: REST
2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - connectionTimeoutConfig before guardRail validation: null
2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - INFO: connectionTimeoutConfig is null, setting it to default value
2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - Final connectionTimeoutConfig after guardRail validation: [connectionTimeout:10, readTimeout:60, retryCount:3, retryWait:2]
2023-12-08/19:27:00.749 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - calling api...
2023-12-08/19:27:00.750 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - before calling executeRequestWithHeaders for api...
2023-12-08/19:27:00.750 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - isFipsEnabled = false
2023-12-08/19:27:00.750 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null
2023-12-08/19:27:00.750 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null
2023-12-08/19:27:00.750 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null
2023-12-08/19:27:00.751 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - setting connection timeout to 10 seconds and request timeout to 60 seconds
2023-12-08/19:27:00.751 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called.
2023-12-08/19:27:00.852 [{}] [pool-6-thread-3] DEBUG println.PrintlnToLogger - Println :: INSERT =1
2023-12-08/19:27:00.980 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - called executeGetRequestWithHeaders for api...
2023-12-08/19:27:00.980 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - after calling executeRequestWithHeaders for api...
2023-12-08/19:27:00.980 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - called api...
2023-12-08/19:27:00.980 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - timeout validated for api...
2023-12-08/19:27:00.980 [{}] [quartzScheduler_Worker-8] DEBUG services.HttpClientUtilityService - got response for api...
2023-12-08/19:27:00.980 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestUtilService - Got showLogs = true
2023-12-08/19:27:00.981 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Content-Type: application/json; charset=utf-8, Content-Length: 26, Vary: Origin, X-Kong-Response-Latency: 0, Date: Fri, 08 Dec 2023 19:27:00 GMT, Connection: keep-alive, Content-Security-Policy: default-src 'none', X-Frame-Options: DENY, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, Strict-Transport-Security: max-age=31536000;preload], responseText:{"message":"Unauthorized"}, cookies:[], statusCode:401]
2023-12-08/19:27:00.981 [{}] [quartzScheduler_Worker-8] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::401

 

 

Thanks,

Sankar.

refer Refer : https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Examples-for-JSON-Construction.htm


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Rajesh-R
Saviynt Employee
Saviynt Employee

@Sankar  - Can you share the response payload of the token - masking the actual access token value?

Meanwhile - try the following:

{
  "authentications": {
    "accntAuth": {
      "authType": "oauth2",
      "url": "https://api.XXXXXX.com/accounts/connect/token",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded",
		"Authorization": "Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "Session expired or invalid",
      "authError": [
        "Unauthorized"
      ],
	  "retryFailureStatusCode": [401],
      "timeOutError": "Read timed out",
      "errorPath": "message",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "refreshTokenResponsePath":"",
      "tokenType": "Bearer",
      "accessToken": "Bearer abcd"
    }
  }
}

Thanks
Rajesh Ramalingam
Saviynt India

Sankar
New Contributor
New Contributor

Hi @Rajesh-R ,

 

Please find the Postman response for access token when we send the post call with token URL.

++++++++++++++++++++++++++++++++++++++++++++++

{
    "token_type": "Bearer",
    "expires_in": 86400,
    "access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "scope": "roles:read publishedPackage:read users:read system:read users:write roles:write environments:read"
}

++++++++++++++++++++++++++++++++++++++++++++++

 

Thanks,

Sankar.

 

adityachadde
New Contributor III
New Contributor III

Hi @Sankar,

Is this issue is resolved now?

Best regards,

Aditya Chadde

Hi @adityachadde ,

No. Still It is not resolved.

Thanks,
Sankar.

Refer https://docs.saviyntcloud.com/bundle/REST-v24x/page/Content/Examples-for-JSON-Construction.htm 

      "refreshType": "RefreshToken",

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

adarshk
Saviynt Employee
Saviynt Employee

@Sankar Were you able to get this working by referring the above document?