SharepointOnlineConnector Access Token Expired

Hi @tomw202​ ,

Are you using the SharePointOnlineConnector from FME Hub? If so you should be following this article: "How to create a SharePoint Online Web Connection". Please follow the steps and let me know how it goes!

Or are you using SharePoint List Reader/Writer?

Thanks

-Kezia

Hi Kezia,

Yes I am using the SharePointOnlineConnector. I have also followed the MS Graph instructions & published to our FME server. The webconnection then runs fine for a few days, and the associated workbench works as expected. However, once the token expires it is unable to authenticate and generate a new token. As such I have to authenticate manually again to get the workbench back up and running. I'm looking to try avoid the need to manually refresh.

Hi @tomw202​ ,

Is your Redirect URI consistent with FME and the App? Is the refresh URL added in Azure Portal when you set up the web app? Another thing to check is that in the authorization url you have the scope for offline access: scope=offline_access

The offline_access permission is a standard OIDC scope that is requested so that the app can get a refresh token.

If you used the same application registration in Azure, you may want to try register a different app for FME Server, or on the authentication tab for the app registrations, check that you have registered a web application and set the redirect uri. In the web service definition in FME you will need to make sure that you're sending a client secret and the optional check box is not selected.

Can you also please check your fmeoauth.log (Resources>Logs>Service>Current) and let me know if you see any messages that may be related.

Thanks

-Kezia

Hi Kezia,

Thanks for your help. I've created some screen shots of my settings as I think they match what you state above:

Redirect URLs: Both FME & Azure point to https://<MyDomain>/fmeserver/fmeoauth

FME Settings:

I've used my client ID in the "ClientID" section, & tenant ID in the links for "Authorisation Parameters", "RetrieveTokenParameters" and "RefreshTokenParameters" Scopes:

I've set up the FME Server App in Azure with the below scope permissions:

And I authorise the web connection in FME Server and return the below:

As I say, these settings work fine for a few days untill the token expires and it cannot refresh for a new one.

Thanks

Hi @tomw202​ ,

Thanks for your patience and thank you for the screenshots! Would you be able to try including the client_secret parameter in the Request Format of the Refresh Token Parameters.

client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&refresh_token=[REFRESH_TOKEN]&grant_type=refresh_token

Let me know how it goes!

Thanks

Kezia

Hi @keziaatsafe​ 

When I update the Refresh Token Parameters, I get the below error. This error occurs with the Client Secret being ticked on or off for "Optional".