Azure OAuth Refresh Token Not Renewing Automatically
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Our ServiceNow instance uses Azure OAuth 2.0 for both inbound IMAP and outbound SMTP email processing.
We have observed that access tokens are being renewed automatically, however, the refresh token is not being renewed or rotated after expiry, even though the offline_access scope is added in the OAuth Entity Profile.
Please help identify if any additional Azure or ServiceNow configuration is required to support automatic refresh token renewal.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
OK . Share me the offline access scope screen shot.. click on i and open in new window and share that.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Requested Image attached here.
Also, below screenshot is from Manage Tokens (refresh token screenshot), here in scopes I don't see offline_access.. @Tanushree Maiti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
As per Documentation (https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-...), Your permission is correct.
Ensure to specify the full scopes, including Outlook resource URLs, when authorizing your application and requesting an access token.
| IMAP | https://outlook.office.com/IMAP.AccessAsUser.All |
| POP | https://outlook.office.com/POP.AccessAsUser.All |
| SMTP AUTH | https://outlook.office.com/SMTP.Send |
In addition, you can request for offline_access scope. When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire.
Alternatively, you can use OAuth2 client credentials grant flow to fetch an access token, instead of OAuth2 authorization code flow or OAuth2 device authorization grant flow.
Checking now your offline_access.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Ask Azure team to share the API permission screen shot. Check this article.
Office 365 Email OAuth 2.0 Integration with ServiceNow
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Add this both scope and try
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti