Microsoft Sharepoint Spoke: Auto-Renew Sharepoint Graph OAuth Access Token?
10-13-2022 06:14 PM
Hi!
So, we've installed the Microsoft Sharepoint Spoke in our San Diego instance, and have configured SharePoint Online and SharePoint Graph tenants/applications/etc. per the documentation instructions starting here: Configure Microsoft SharePoint application (San Diego)
For the most part, it looks like our configuration efforts were successful; we're able to connect to our corporate Sharepoint account and use the various Sharepoint spoke actions in our flows.
The issue we're running into is with expired OAuth access tokens associated with the SharePoint Graph tenant. When testing the Sharepoint Spoke actions in our flows, it seems like expired OAuth tokens for the Sharepoint Online tenant get auto-renewed on connection. However, expired OAuth access tokens for the Sharepoint Graph tenant do not seem to get auto-renewed. Once our Sharepoint Graph OAuth access token expires, the only way to get a new access token is to click on the "Get OAuth Token" link in the associated "OAuth 2.0 Credentials" record form. It goes without saying that having to manually renew the OAuth access token every hour or so is undesirable for our application.
We've tried the following without success:
- Tweaking parameters in the Sharepoint Graph connection and credential alias record
- Double-checking the App Registration settings via the Microsoft Azure Portal for our ServiceNow connector application in our corporate account
- Manually getting new OAuth access tokens via the OAuth refresh token in a flow script
Is there a way to configure (or verify the configuration for) either the Sharepoint Graph OAuth Application Registry entry, or perhaps the Connection/Credential Alias entry, to auto-renew expired OAuth access tokens, like how it seems to be done with Sharepoint Online? Thanks in advance for any information that anyone can provide!
01-10-2023 02:48 PM
I was planning to take this route, creating a Scheduled Job to refresh the access token, but had to do it a little differently. I am surprised this worked for you (if you followed the recommended API permissions in the docs), unless you also granted additional permissions in Azure. I believe the Sharepoint Graph API requires the authorization_code grant flow because the Actions that leverage the Graph API (Get Site, for example) are using Delegated permissions in Azure.
I did try to leverage some of your code to refresh the access token using the refresh_token using the GlideOAuthClient API, but ran into errors no matter what I tried. So I ended up just sending a REST message V2 to the token endpoint with the refresh_token, and that did the job for me.
Thanks again for the reply, it helped me get to where I needed to go.
Andy
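
The scheduled refresh described in the reply above (posting the refresh_token to the token endpoint), as an added example that is not code from anyone in this thread. It assumes the Microsoft identity platform v2.0 token endpoint; the tenant, client values, scope string and all function names are constructed or hypothetical, and the HTTP transport is injected (in a ServiceNow script it would be a REST Message V2 call).

```javascript
// Added example: tenant, client id/secret, scope and token values are constructed placeholders.
const SKEW_MS = 5 * 60 * 1000; // renew five minutes before the stated expiry

// Build the form-encoded refresh_token grant request for the v2.0 token endpoint.
function buildRefreshRequest(cfg, refreshToken) {
  const form = {
    grant_type: 'refresh_token',
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    refresh_token: refreshToken,
    scope: cfg.scope, // assumed to include offline_access so a refresh token is issued
  };
  const body = Object.keys(form)
    .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(form[k]))
    .join('&');
  return {
    endpoint: 'https://login.microsoftonline.com/' + encodeURIComponent(cfg.tenant) + '/oauth2/v2.0/token',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body,
  };
}

// Turn the token endpoint's reply into the credential state to store.
function applyTokenResponse(state, status, rawBody, nowMs) {
  let json;
  try { json = JSON.parse(rawBody); } catch (e) { json = {}; }
  if (status !== 200 || !json.access_token) {
    // invalid_grant: refresh token expired or revoked, so a user must sign in again.
    const reauth = json.error === 'invalid_grant';
    return Object.assign({}, state, { ok: false, needsInteractiveLogin: reauth, error: json.error || 'http_' + status });
  }
  return {
    ok: true,
    needsInteractiveLogin: false,
    accessToken: json.access_token,
    // The endpoint may rotate the refresh token; keep the old one only if none came back.
    refreshToken: json.refresh_token || state.refreshToken,
    expiresAtMs: nowMs + Number(json.expires_in) * 1000,
  };
}

// Scheduled-job entry point: refresh only when the stored token is close to expiry.
function refreshIfDue(cfg, state, send, nowMs) {
  if (state.accessToken && state.expiresAtMs - nowMs > SKEW_MS) return state;
  const req = buildRefreshRequest(cfg, state.refreshToken);
  const res = send(req); // transport is injected; returns { status, body }
  return applyTokenResponse(state, res.status, res.body, nowMs);
}
```

Write the returned refresh token back to the credential record on every success, and keep token values and the client secret out of job logs.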

10-18-2023 05:25 AM
Hello Mike,
There is a possibility that the refresh token URL in the application registry is incorrect. By default, the field is not visible on the form. Please configure the form to add the field, then check the value of the refresh token URL and update it with the correct URL. This should ideally resolve the issue. Let us know if the issue still persists, or mark this as Helpful.