Microsoft SharePoint Spoke: Auto-Renew SharePoint Graph OAuth Access Token?
10-13-2022 06:14 PM
Hi!
So, we've installed the Microsoft SharePoint Spoke in our San Diego instance, and have configured SharePoint Online and SharePoint Graph tenants/applications/etc. per the documentation instructions starting here: Configure Microsoft SharePoint application (San Diego)
For the most part, it looks like our configuration efforts were successful; we're able to connect to our corporate SharePoint account and use the various SharePoint spoke actions in our flows.
The issue we're running into is with expired OAuth access tokens associated with the SharePoint Graph tenant. When testing the SharePoint Spoke actions in our flows, it seems like expired OAuth tokens for the SharePoint Online tenant get auto-renewed on connection. However, expired OAuth access tokens for the SharePoint Graph tenant do not seem to get auto-renewed. Once our SharePoint Graph OAuth access token expires, the only way to get a new access token is to click on the "Get OAuth Token" link in the associated "OAuth 2.0 Credentials" record form. It goes without saying that having to manually renew the OAuth access token every hour or so is undesirable for our application.
We've tried the following without success:
- Tweaking parameters in the SharePoint Graph connection and credential alias record
- Double-checking the App Registration settings via the Microsoft Azure Portal for our ServiceNow connector application in our corporate account
- Manually getting new OAuth access tokens via the OAuth refresh token in a flow script
Is there a way to configure (or verify the configuration for) either the SharePoint Graph OAuth Application Registry entry, or perhaps the Connection/Credential Alias entry, to auto-renew expired OAuth access tokens, like how it seems to be done with SharePoint Online? Thanks in advance for any information that anyone can provide!
10-14-2022 03:46 AM
Do you have a Case Task created in support? If so, maybe taking a look at your instance might give some insights.
10-19-2022 05:55 AM
Hi Mike,
Were you able to get to the bottom of this? I'm facing this issue as well.
Kind Regards,
Jobby
12-12-2022 12:59 PM
I have this same problem, wondering if you have gotten to the bottom of this?
12-13-2022 03:11 AM
I created a scheduled job that runs every 25 minutes as a workaround for the access token expiry issue. Let me know if it helps.
```javascript
/* This is the only information you need beforehand:
   'Application_Registry_Name' is the name of the OAuth application registry record (oauth_entity). */
var Application_Registry_Name = gs.getProperty("sn_si.sharepoint.graph_alias");
var oAuthClient = new sn_auth.GlideOAuthClient();
var gr = new GlideRecord("oauth_entity");
if (gr.get("name", Application_Registry_Name)) {
    // Get client details
    var clientId = gr.getValue("client_id");
    var decrypted = new GlideEncrypter().decrypt(gr.getValue("client_secret"));
    var params = {
        grant_type: "client_credentials",
        client_id: clientId,
        client_secret: decrypted,
        scope: "offline_access https://graph.microsoft.com/.default"
    };
    var text = new global.JSON().encode(params);

    // Request a new access token from the token endpoint
    var tokenResponse = oAuthClient.requestToken(Application_Registry_Name, text);
    var token = tokenResponse.getToken();
    var access_token = token ? token.getAccessToken() : null;

    if (!access_token) {
        // Stop here rather than overwrite the stored token with an empty value
        gs.error("Token request failed: " + tokenResponse.getErrorMessage());
    } else {
        // Keep the token itself out of the system log
        //gs.info("AccessToken:" + access_token);
        gs.info("AccessTokenExpiresIn:" + token.getExpiresIn());

        // Calculate expiry date
        var now = new GlideDateTime();
        now.addSeconds(token.getExpiresIn());
        gs.info("Expiry Date:" + now.getDisplayValue());

        // Set token value on the stored access token record
        var grtoken = new GlideRecord("oauth_credential");
        grtoken.addEncodedQuery("type=access_token^peer.name=" + Application_Registry_Name);
        grtoken.query();
        if (grtoken.next()) {
            grtoken.token_received = access_token;
            // Store the internal (UTC) value; the display value is time-zone and format dependent
            grtoken.setValue("expires", now.getValue());
            grtoken.update();
        }
    }
}
```
Cheers
Jobby
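The timing behind the 25-minute schedule in the post above, as an added example that is not part of the original post: a guard that renews only when the stored token would lapse before the next run, so the client secret is used no more often than needed. It is plain JavaScript with no Glide APIs; the helper names, the 120-second margin, the UTC `yyyy-MM-dd HH:mm:ss` expiry format and the one-hour token lifetime are assumptions.

```javascript
// Added example: plain JavaScript, no Glide APIs. Helper names are hypothetical.
var JOB_INTERVAL_SEC = 25 * 60; // schedule used in the post above
var SKEW_SEC = 120;             // assumed safety margin for clock drift and job delay

// Parse "yyyy-MM-dd HH:mm:ss" as UTC; returns NaN when the value is malformed.
function parseUtc(stamp) {
  var m = /^(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})$/.exec(String(stamp));
  if (!m) return NaN;
  return Date.UTC(+m[1], +m[2] - 1, +m[3], +m[4], +m[5], +m[6]);
}

// Format epoch milliseconds as a UTC "yyyy-MM-dd HH:mm:ss" string.
function formatUtc(ms) {
  return new Date(ms).toISOString().slice(0, 19).replace("T", " ");
}

// Renew when the stored expiry is unusable, or when the token would lapse
// before the next scheduled run (plus the skew margin).
function shouldRenew(storedExpiry, nowMs) {
  var expiresMs = parseUtc(storedExpiry);
  if (isNaN(expiresMs)) return true;
  return expiresMs - nowMs <= (JOB_INTERVAL_SEC + SKEW_SEC) * 1000;
}

// Turn the token endpoint's expires_in (seconds) into the expiry to store.
function newExpiry(nowMs, expiresInSec) {
  var n = Number(expiresInSec);
  if (!isFinite(n) || n <= 0) throw new RangeError("invalid expires_in: " + expiresInSec);
  return formatUtc(nowMs + n * 1000);
}

// Replay `runs` job executions against a token lifetime and record each decision.
function simulate(startMs, lifetimeSec, runs) {
  var expiry = null, log = [];
  for (var i = 0; i < runs; i++) {
    var now = startMs + i * JOB_INTERVAL_SEC * 1000;
    var renewed = shouldRenew(expiry, now);
    if (renewed) expiry = newExpiry(now, lifetimeSec);
    log.push({ at: formatUtc(now), renewed: renewed, expiry: expiry });
  }
  return log;
}

// Constructed scenario: one-hour tokens, job starting 2022-12-13 03:00:00 UTC.
console.log(simulate(Date.UTC(2022, 11, 13, 3, 0, 0), 3600, 5));
```

With these assumed values the job renews on every second run, and the stored token is always still valid when a run starts.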