Saviynt Forums

mbh_it · ‎02/23/2024

Hello team,

I have put following JSON in connection and I am getting token expiry error in logs, please find attached logs, kindly let me know what needs to be corrected , I have Oauth connector for REST and accesstoken provided which succeeds on SAVE & test, however the existing accesstoken not generating Refresh token.

{
"authentications": {
"userAuth": {
"authType": "oauth2",
"url": "https://XXX/token",
"contentType": "application/x-www-form-urlencoded",
"httpParams": {
"grant_type": "refresh_token",
"refresh_token": "${refresh_token}"
},
"httpHeaders": {
"Authentication": "Basic ABC",
"Accept": "*/*"
},
"authError": [
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken",
"USER_AUTHENTICATION_FAILED",
"PARTNER_AUTHENTICATION_FAILED",
"AuthenticationFailed",
"InvalidAuthenticationToken",
"The token is expired"
],
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"refreshType": "RefreshToken",
"refreshTokenResponsePath": "refreshToken",
"refreshToken": "IDONTHAVE SO leaving Blank",
"timeOutError": "Read timed out",
"errorPath": "error",
"maxRefreshTryCount": 5,
"authHeaderName": "Authentication",
"tokenResponsePath": "accessToken",
"tokenType": "Bearer",
"retryFailureStatusCode": [
401,
403,
500
],
"accessToken": "Bearer abcd"
}
}
}

error:

"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.651396069Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Inside pullObjectsByRest"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.651438169Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - "
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.65144997Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - calling executeRequestWithTimeoutConfig for api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.65145467Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - calling api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.65146437Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - before calling executeRequestWithHeaders for api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.65146887Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - isFipsEnabled = false"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.65148377Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - getHttpClient - sslParams : null"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.65149057Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - getHttpClient - proxyParams : null"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.65151117Z stdout F 2024-02-23 17:27:21,651 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - getHttpClient - sslSocketFactory : null"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.668773672Z stdout F 2024-02-23 17:27:21,668 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - setting connection timeout to 10 seconds and request timeout to 60 seconds"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.669235477Z stdout F 2024-02-23 17:27:21,669 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - getHttpClient - HttpClientBuilder.create().build() called."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976735461Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - called executePostRequestWithHeaders for api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976751262Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - after calling executeRequestWithHeaders for api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976754462Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - called api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976756762Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - timeout validated for api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976767962Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - got response for api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976772262Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - "
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976800662Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::401"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976812362Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :401"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976825262Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] ERROR rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 1"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976830763Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - Incrementing connectionParamMap.refreshTryCount : 2"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.976832963Z stdout F 2024-02-23 17:27:21,976 [quartzScheduler_Worker-10] DEBUG rest.RestProvisioningService - maxRefreshTryCount : 5"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.988539299Z stdout F 2024-02-23 17:27:21,988 [quartzScheduler_Worker-10] DEBUG rest.RestUtilService - Calling https://api-gw1-prod1.fisglobal.com/token"
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.988548099Z stdout F 2024-02-23 17:27:21,988 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - calling executeRequestWithTimeoutConfig for api..."
"2024-02-23T17:27:22.355+00:00","ecm-worker","","","","2024-02-23T17:27:21.988550299Z stdout F 2024-02-23 17:27:21,988 [quartzScheduler_Worker-10] DEBUG services.HttpClientUtilityService - calling api..."

Thanks

Mahesh

AmitM · ‎02/24/2024

HI @mbh_it , does you api generates refresh token and access token every time? If yes, then run the API in postmane and use refresh token in "refreshToken": "IDONTHAVE SO leaving Blank" ,

You have to provide it once manually looking at your JSON.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

Dhruv_S · ‎02/25/2024

Hi @mbh_it

I can see two issues.

1. Please give an actual refresh token from the postman in the below field.

"refreshToken": "IDONTHAVE SO leaving Blank"

2. I can see that the name of the variable is given as below

"refresh_token": "${refresh_token}" in the userauth section but in the tokenresponse path it is like below.

"refreshTokenResponsePath": "refreshToken",

Both of them should match. Please use refresh_token in both places and see if it works.

Regards,

Dhruv Sharma

mbh_it · ‎03/07/2024

Hi Dhruv/Amit, sorry for late response.

My API does not generate refreshtoken. It gives me access_token only and that when I pass basic consumer:secretykey (as base 64 encoded)

I tried following which worked when provisioning, but its failing during access/account import with 401.

worked following for access/account provisioning

{
"authentications": {
"userAuth": {
"authType": "BasicWithAccessToken",
"url": "https://abc.com/token?grant_type=client_credentials&scope=offline_access",
"contentType": "application/x-www-form-urlencoded",
"httpParams": {

},
"properties": {
"userName": "removed",
"password": "removed1"
},
"httpHeaders": {
"Accept": "application/json"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken",
"USER_AUTHENTICATION_FAILED",
"PARTNER_AUTHENTICATION_FAILED",
"AuthenticationFailed",
"InvalidAuthenticationToken",
"The token is expired"
],
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"timeOutError": "Read timed out",
"errorPath": "error",
"maxRefreshTryCount": 5,
"authHeaderName": "Authentication",
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"retryFailureStatusCode": [
401,
403,
500
],
"accessToken": "Bearer REMOVED_DUETO SECURITY"
}
}
}

Access import error logs attached

"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172449954Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG services.HttpClientUtilityService - called api..."
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172454054Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG services.HttpClientUtilityService - timeout validated for api..."
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172458054Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG services.HttpClientUtilityService - got response for api..."
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172461954Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestUtilService - Got showLogs = true"
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172473754Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[Server: Apache, Access-Control-Allow-Origin: *, Access-Control-Allow-Methods: GET, Accept-Encoding: gzip, True-Client-IP: 4.157.144.124, security-token-type: Oauth2, uuid: 23dbec8f-8978-45d0-97ff-172c296da805, source-id: XYZ, ClientCert: , Access-Control-Expose-Headers: ETag, Cneonction: close, saf-indicator: N, ibs-authorization: changedforsecurity, Content-Type: application/json; charset=UTF-8, Akamai-Origin-Hop: 2, Accept: application/json, WWW-Authenticate: OAuth2 realm="WSO2 API Manager", error="invalid_token", error_description="The access token expired", X-Forwarded-Host: api-gw1-prod1.fisglobal.com, CLIENT_DATA: CLIENT_CERT:missing;IP: 4.157.144.124;, Pragma: no-cache, Access-Control-Allow-Headers: Content-Type,source-id,application-id,uuid,authorization,security-token-type,saf-indicator,organization-id,ibs-authorization,fis-ic-enc-sk,fis-ic-enc-x5ts256,Authorization, activityid: 23dbec8f-8978-45d0-97ff-172c296da805, X-Akamai-CONFIG-LOG-DETAIL: true, Cache-Control: no-cache, max-age=0, X-Forwarded-For: 4.157.144.124, organization-id: BAX, application-id: PAT, X-Forwarded-Server: api-gw1-prod1.fisglobal.com, Content-Length: 226, Date: Thu, 07 Mar 2024 21:44:41 GMT, Connection: keep-alive, Strict-Transport-Security: max-age=31536000 ; includeSubDomains], responseText:{"fault":{"code":900901,"message":"Invalid Credentials","description":"Access failure for API: /rest/IBSET/v4, version: v4 status: (900901) - Invalid Credentials. Make sure you have provided the correct security credentials"}}, cookies:[], statusCode:401]"
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172479054Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestUtilService - pullObjectsByRest - responseStatusCode ::401"
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172701256Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestProvisioningService - Entered getResponseHeaders method"
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172740656Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestProvisioningService - responseError : null"
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172822057Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestProvisioningService - isAuthError: false"
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172827657Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestProvisioningService - pullObjectsByRest - responseMap.size : 1"
"2024-03-07T21:44:42.141+00:00","ecm-worker","","","","2024-03-07T21:44:41.172829457Z stdout F 2024-03-07 21:44:41,172 [quartzScheduler_Worker-4] DEBUG rest.RestProvisioningService - pullObjectsByRest - objectList.size : null"

Can you please guide?

Thanks

Mahesh

rushikeshvartak · ‎03/07/2024

Please share curl command [Refer https://codingnconcepts.com/postman/how-to-generate-curl-command-from-postman/ ]

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Dhruv_S · ‎03/07/2024

Hi @mbh_it

1. If the API doesn't generate refresh token then you cannot use the refresh token in the JSON. So the JSON shared by you earlier is NOT APPLICABLE.

2. Now if you use the 2nd JSON, where you are using the BasicWithAccessToken, then it is expected that it will work only till the access token till token expiry and fail post that. The same is happening in your case when you try first time it works and when you try later it fails.

Hence with the 2nd JSON, please use new access token retrieved from the postman every time in this JSON.

In order to avoid putting access token every time, either you need to get the working refresh token API or you can use basic authentication with hardcoded username/password in JSON if application support this.

These are the possible ways this can be achieved.

Regards,

Dhruv Sharma

mbh_it · ‎03/08/2024

Hi Dhruv/ Rushikesh,

Thanks for your valuable inputs,.

Do you have a sample , how can I build this as per your following comment.

Hence with the 2nd JSON, please use new access token retrieved from the postman every time in this JSON.

In order to avoid putting access token every time, either you need to get the working refresh token API or you can use basic authentication with hardcoded username/password in JSON if application support this.

Rushikesh: I will remove some passwords etc and will share the curl data here in some time.

Thanks

Mahesh

Dhruv_S · ‎03/08/2024

@mbh_it

Please use the same JSON as below and insert access_token you get from the postman every time you run the job. If you don't have a refresh_token api, you need to put access token manually from the postman everytime.

{
"authentications": {
"userAuth": {
"authType": "BasicWithAccessToken",
"url": "https://abc.com/token?grant_type=client_credentials&scope=offline_access",
"contentType": "application/x-www-form-urlencoded",
"httpParams": {

},
"properties": {
"userName": "removed",
"password": "removed1"
},
"httpHeaders": {
"Accept": "application/json"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"Authentication_MissingOrMalformed",
"Authentication_ExpiredToken",
"USER_AUTHENTICATION_FAILED",
"PARTNER_AUTHENTICATION_FAILED",
"AuthenticationFailed",
"InvalidAuthenticationToken",
"The token is expired"
],
"httpMethod": "POST",
"httpContentType": "application/x-www-form-urlencoded",
"timeOutError": "Read timed out",
"errorPath": "error",
"maxRefreshTryCount": 5,
"authHeaderName": "Authentication",
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"retryFailureStatusCode": [
401,
403,
500
],
"accessToken": "Bearer REMOVED_DUETO SECURITY"
}
}
}

Regards,

Dhruv Sharma

mbh_it · ‎03/08/2024

@rushikeshvartak added curl of postman,

Dhruv_S · ‎03/18/2024

Hi @mbh_it

Please let me know if the issue is resolved. One thing I missed in the previous response if you are using below in the connection JSON, it will retry to get the access token automatically and there is no need to put the token manually everytime.

"retryFailureStatusCode": [
401,
403, 500 ]

Regards,

Dhruv Sharma

Saviynt Forums

Refresh Token not getting Generated for REST connector