03/22/2024 06:18 AM - last edited on 03/22/2024 07:26 AM by Sunil
In the connection JSON which I am using for the Azure AD integration, the access token is expiring very frequently.
The connection is taken from the Azure AD integration guide only.
The access token works for one day, and the next day when I perform group management, the Create Group, Update Group... operations are not working, with 401 authorization.
I have attached the connection JSON for reference.
Attached logs for reference.
[This message has been edited by moderator to merge reply comment]
03/22/2024 09:32 AM
Disclaimer - This is an AI generated response and feedback will be used to fine tune.
The issue you're encountering with the Azure AD integration and the access token expiring frequently is tied to the nature of OAuth2 client credentials flow, which your ConnectionJSON indicates you are using. This flow is intended for server-to-server communication without user interaction, and tokens obtained through this method typically have a fixed, relatively short lifespan.
In Azure AD, the default expiration time for tokens obtained via the client credentials flow is usually 1 hour, although it can be configured up to 24 hours. If your operations span across days, you will indeed encounter expired tokens, necessitating a new token request.
Your ConnectionJSON seems to be set up correctly for initially obtaining an access token. However, ensuring seamless operation over multiple days requires implementing a mechanism to automatically refresh the token once expired. While your JSON configuration specifies retryFailureStatusCode to retry on a 401 Unauthorized error, this alone does not automatically refresh the token.
Automatic Token Refresh: Ensure your integration logic (outside of this JSON configuration) detects when a 401 status code is received and then automatically initiates a new token request before retrying the failed request. This usually involves:
Dynamic Token Management: Instead of hardcoding "accessToken": "Bearer ABCD", your system should dynamically insert the latest token into your API requests. The token should be stored in a secure manner and updated every time a new token is obtained.
Review Token Expiry Settings: Although not always feasible, review if the token expiry settings in Azure AD for your application can be adjusted to fit your use case better. However, this is generally not recommended as shorter lifespans are better for security.
03/24/2024 07:41 PM
{
  "authentications": {
    "userAuth": {
      "authType": "oauth2",
      "url": "https://login.microsoftonline.com/<>/oauth2/token",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "2",
        "client_id": "",
        "resource": "https://graph.microsoft.com"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abc"
    }
  }
}
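An added example, not part of the thread and not the product's own code: a sketch of the refresh-on-401 logic described in the reply above, using the field names from the connection JSON (`tokenResponsePath`, `errorPath`, `authError`, `expiryError`, `maxRefreshTryCount`). The names `TokenCache`, `call_api` and `demo`, and the stand-in token endpoint and API inside `demo`, are constructed for illustration.

```python
import time

# Values mirrored from the connection JSON in the thread.
AUTH_ERRORS = {"InvalidAuthenticationToken", "ExpiredAuthenticationToken"}  # authError, expiryError
MAX_REFRESH_TRIES = 5  # maxRefreshTryCount

class TokenCache:
    """Holds one client-credentials token and renews it before it expires."""
    def __init__(self, fetch_token, clock=time.time, skew=60):
        self.fetch_token, self.clock, self.skew = fetch_token, clock, skew
        self.token, self.expires_at = None, 0.0

    def get(self, force=False):
        if force or self.token is None or self.clock() >= self.expires_at - self.skew:
            body = self.fetch_token()          # POST grant_type=client_credentials
            self.token = body["access_token"]  # tokenResponsePath
            # expires_in may arrive as a string, hence int()
            self.expires_at = self.clock() + int(body["expires_in"])
        return self.token

def call_api(send, cache, request):
    """send(request, headers) -> (status, body). On a 401 auth error, refetch and retry."""
    for attempt in range(MAX_REFRESH_TRIES + 1):
        headers = {"Authorization": "Bearer " + cache.get(force=attempt > 0)}
        status, body = send(request, headers)
        code = (body or {}).get("error", {}).get("code")  # errorPath: error.code
        if status != 401 or code not in AUTH_ERRORS:
            break
    return status, body

def demo():
    """Constructed offline stand-ins for the token endpoint and the API being called."""
    now, issued, rejected = [0.0], [], set()
    def fetch_token():
        issued.append("tok-%d" % (len(issued) + 1))
        return {"access_token": issued[-1], "expires_in": "3599"}
    def send(request, headers):
        token = headers["Authorization"].split(" ", 1)[1]
        if token in rejected:
            return 401, {"error": {"code": "InvalidAuthenticationToken"}}
        return 200, {"token_used": token}
    cache = TokenCache(fetch_token, clock=lambda: now[0])
    results = [call_api(send, cache, "createGroup")]     # first use fetches tok-1
    now[0] += 24 * 3600                                  # next day: tok-1 is past expiry
    results.append(call_api(send, cache, "updateGroup")) # renewed before the call
    rejected.add(cache.token)                            # server stops accepting tok-2
    results.append(call_api(send, cache, "updateGroup")) # 401, forced refetch, retry
    return results, len(issued)
```

The cache never stores a literal like `"Bearer abc"`: the header is built from whatever token was fetched most recently, and a persistent 401 stops after `MAX_REFRESH_TRIES` refetches instead of looping.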