Saviynt Forums

sampath18 · ‎03/04/2024

Hi,

Token generation API is not resulting any refresh token.

our connectionjson is working if we are giving access_token from postman but after token expired we are getting below error during import job. How can we automate reauthentication so that we don't have to give the access_token again and again from postman.

Error logs after token expired:-

2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG timeout validated for api...
2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG got response for api...
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestUtilService quartzScheduler_Worker-3-vh25b DEBUG Got showLogs = true
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestProvisioningService quartzScheduler_Worker-3-vh25b DEBUG Got Webservice API Response: [headers:[Set-Cookie=******/; Secure; HttpOnly; SameSite=None, Cache-Control: no-store,no-cache,must-revalidate, Expires: -1, Pragma: no-cache, X-Content-Type-Options: nosniff, Strict-Transport-Security: max-age=31536000 ; includeSubDomains, Public-Key-Pins: pin-sha256=cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs="; pin-sha256="M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="; max-age=5184000; includeSubdomains
"
2024-03-04T06:45:42.928+00:00""" ecm-worker null-vh25b "<Status>
"
2024-03-04T06:45:42.928+00:00 ecm-worker null-vh25b " <TransactionID>z240304064530049797209a0</TransactionID>
"
2024-03-04T06:45:42.928+00:00 ecm-worker null-vh25b " <ReturnCode>100</ReturnCode>
"
2024-03-04T06:45:42.928+00:00 ecm-worker null-vh25b " <Message>Invalid authentication</Message>
"
2024-03-04T06:45:42.928+00:00 ecm-worker null-vh25b "</Status>
"
2024-03-04T06:45:42.928+00:00 ecm-worker null-vh25b , cookies:[JSESSIONID=7D451E79C7C4FB77E09AA6E038BE54A0; Path=/; Secure; HttpOnly; SameSite=None, SAPFG=!4HIue51NDLKv5K2zDB+Uths8p4/4rBZvjAW6xxQbOG1iKzG9O7JN3ldb+ut171+cV8Eb6NzFEABeAUWc; Httponly; Secure; SameSite=None, TS011f74b3=0140f215c9c4b35cd1d752ca28c4e8e97f1566d26e76b554aed5a574de33756935ce7fa0a72b4cf7e2f0169e9732803d46f146189eaa83cef5e23728ae6bd38b6c44a7394f892dbcf15d10fb7b155ce199e6f65444; Path=/; Secure; HTTPOnly; SameSite=None], statusCode:401]
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestUtilService quartzScheduler_Worker-3-vh25b DEBUG pullObjectsByRest - responseStatusCode ::401
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestProvisioningService quartzScheduler_Worker-3-vh25b ERROR Exception in pullObjectsByRest :401
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestProvisioningService quartzScheduler_Worker-3-vh25b ERROR Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 0
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestProvisioningService quartzScheduler_Worker-3-vh25b DEBUG Incrementing connectionParamMap.refreshTryCount : 1
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestProvisioningService quartzScheduler_Worker-3-vh25b DEBUG maxRefreshTryCount : 5
2024-03-04T06:45:42.060+00:00 ecm-worker rest.RestUtilService quartzScheduler_Worker-3-vh25b DEBUG Calling https://xuat.fgvms.com/api/oauth2/v2.0/token
2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG calling executeRequestWithTimeoutConfig for api...
2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG calling api...
2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG before calling executeRequestWithHeaders for api...
2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG isFipsEnabled = false
2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG getHttpClient - proxyParams : null
2024-03-04T06:45:42.060+00:00 ecm-worker services.HttpClientUtilityService quartzScheduler_Worker-3-vh25b DEBUG getHttpClient - sslSocketFactory : null

Working connection json with hardcode access_token:-

{
"authentications":{
"acctAuth":{
"authType":"oauth2",
"url":"https://<<hostname>>/api/oauth2/v2.0/token",
"httpMethod":"POST",
"httpParams":{
"grant_type":"client_credentials",
"response_type":"token"
},
"httpHeaders":{
"Authorization":"Basic Base64encoded{username:password}",
"Content-Type":"application/x-www-form-urlencoded"
},
"httpContentType":"application/x-www-form-urlencoded",
"authError":[
"Invalid request",
"Invalid username or password",

"Invalid authentication"
],
"retryFailureStatusCode":[
401,
403
],
"timeOutError":"Read timed out",
"errorPath":"errorCode",
"maxRefreshTryCount":5,
"tokenResponsePath":"access_token",
"tokenType":"Bearer",
"accessToken":"Bearer <<access_token from postman>>"
}
}
}

Error in postman after token expired:-

AmitM · ‎03/04/2024

HI @sampath18 ,

here is a KB article on similar challange- https://forums.saviynt.com/t5/community-knowledge-base/access-token-generation-failing-for-rest-conn...

try using "testConnectionParams", that will validate the token while saving connection and no need to run Job to validate that. Follow below link to find out how to use that.

https://docs.saviyntcloud.com/bundle/Dev-Handbook-REST-v24x/page/Content/Developers-Handbook.htm

If your target doesn't have a refresh token or another api to get refresh token and new access token from refresh token, then you might want to increase the life of access token as the worst case but try above links first , if that solves your immediate challenge

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

sampath18 · ‎03/06/2024

Hi @AmitM, thank you for your reply. We've already added "Invalid authentication" to the authError, but it hasn't resolved the issue. We don't intend to increase the lifespan of the access token. Is there another approach to resolving this issue? Am I missing something in my connection JSON? I've also attempted the below connection JSON, but encountered the same issue

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://hostname/api/oauth2/v2.0/token",
"httpMethod": "POST",
"httpParams": {
"client_id": "<<client_id>>",
"client_secret": "<<client_secret>>",
"grant_type": "client_credentials",
"response_type": "token"
},
"httpHeaders": {
"Authorization": "Basic Base64encoded{username:password}",
"Content-Type": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed",
"Invalid authentication",
"USER_AUTHENTICATION_FAILED",
"PARTNER_AUTHENTICATION_FAILED"
],
"errorPath": "error",
"retryFailureStatusCode": [
401,
403
],
"maxRefreshTryCount": 5,
"tokenType": "Bearer",
"accessToken": "Bearer abcd"
}
}}

sampath18 · ‎03/20/2024

Able to achieve this using below connectionjson:-Issue was with the convertor of Base64encoded{username:password} .

{
"authentications": {
"acctAuth": {
"authType": "oauth2",
"url": "https://xuat.fgvms.com/api/oauth2/v2.0/token",
"httpMethod": "POST",
"httpParams": {
"grant_type": "client_credentials"
},
"httpHeaders": {
"Authorization": "Basic xxxxxxxxx",
"contentType": "application/x-www-form-urlencoded"
},
"httpContentType": "application/x-www-form-urlencoded",
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"Invalid authentication"
],
"timeOutError": "Read timed out",
"errorPath": "error.code",
"maxRefreshTryCount": 10,
"tokenResponsePath": "access_token",
"tokenType": "Bearer",
"accessToken": "Bearer eyJ",
"retryFailureStatusCode": [
401,
403,
500
]
}
}
}

Saviynt Forums

Rest Connectionjson - How can we reauthenticate if not having refresh token after token expired