
I'm trying to connect to our SharePoint Online environment to be able to work with lists. In FME Workbench (2021.1) I used the "Microsoft SharePoint Online (template)" to create a new web service. When I try to test it I'm getting an error: "Authorization and token retrieval was successful but refreshing the token using 'Refresh Token Parameters' failed. Error: HTTP/1.1 401 Unauthorized".

My redirect uri is set to https://localhost

My Auth parameters url is:

https://login.microsoftonline.com/{mytenantID}/oauth2/v2.0/authorize?scope=https://{mytenant}.sharepoint.com/.default offline_access&response_type=code&prompt=consent

 

Retrieve Token Parameters url:

https://login.microsoftonline.com/{mytenantID}/oauth2/v2.0/token

 

refresh token Parameters url:

https://login.microsoftonline.com/{mytenantID}/oauth2/v2.0/token

request format (default carried over from template):

client_id=[CLIENT_ID]&refresh_token=[REFRESH_TOKEN]&grant_type=refresh_token

 

In Azure, my app has Graph permissions added for Sites.ReadWrite.All and User.Read as well as SharePoint permissions for AllSites.Manage and MyFiles.Write.

 

I'm at a loss at what I've got wrong or missing here. I've tried setting up the SharePoint Online (safe.microsoft-sharepoint) service and it works. I can add a SharePoint connector to my workspace and am able to connect to my tenant and its libraries with it. So, I seem to have the right client ID/secret/tenant information. Any suggestions/insight would be appreciated.

Thank you.

Thanks to @nielsgerrits I was able to connect by updating the request format to include the client secret. So it now looks like:

client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&refresh_token=[REFRESH_TOKEN]&grant_type=refresh_token

 

and this works. Much thanks!!



Thanks for the feedback. I just checked how my working sharepoint connection was configured, which was created in an FME 2019 version. I removed my original answer because in the article How to create a Sharepoint Web Connection the next piece is stated:

Note: This will not work in earlier versions of FME because the Client Secret has to have a value. In FME 2020+ this can be optional. Azure says that clients that cannot be trusted to keep a secret, such as desktop apps, are called Public Clients (which FME is). Apps that identify as a Public Client must never send a Client Secret, or else the server will reject it.

 

So while this works, I doubt this is the correct way. You probably want to check with someone from Safe if your implementation is correct.


Thanks for the feedback. I saw that as well, so expected the server would reject it if it was incorrect. However, it's rejecting my connection without it and only accepting it with it. I'll try and reach out to Safe directly. Appreciate the help!


Hi jjuker, having a very similar issue here, except that it seems that you got one step further, since in my case I receive the error message: Unable to retrieve access token - Request to update access token failed. HTTP error: HTTP/ 1.1 401 Unauthorized.



Hi, @joris_frenkel​ ​  Did you solve your connection issue? If yes - how?


Hi @peteralstorp​  I just managed to solve this problem. At last, what @jjuker​ wrote about the client secret helped me solve it. When I made a new Web Connection WITH a secret, it worked, while without a secret it doesn't, just as @jjuker​ noted.

This is for a Sharepoint List reader/writer.

For a Sharepoint OnlineConnector you do not need a secret.

 



Thank you so much for your answer, @joris_frenkel​ I will try this asap!



@joris_frenkel​ My colleague asked me to trouble you for a printscreen or similar of your connection settings. Could you pls post this here - or send it via e-mail to peter.alstorp@tyrens.se if you rather keep it private?



Hi, I want to add that I now managed to make a correct connection without a secret. It works better that way. It worked with a secret, but then my Redirect URI was incorrect. Now that I corrected the Redirect URI, it works without the secret (and it works better, since I don't need to authenticate every time).



Hi, I want to comment that there seems to be an error in the mentioned article. In the last paragraph, Connecting to Sharepoint with your own Client ID [Single Tenant], it tells you that in the Redirect URI 'common' should be replaced with the tenant-id. It should not, at least in our situation. 'Common' should only be replaced in the Authorization URL and the Retrieve Token URL (and should be replaced automatically in the Refresh Token URL).

 

Further, take note that the prompt at the end of the authorization URL can influence the behaviour of the connection. If it says prompt=consent, it will ask for consent from an Azure administrator every time you try to authenticate. This may be ok for a new user, but otherwise it may not work as needed. It may be better to change it to prompt=select_account

 


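The settings this thread goes back and forth on (client secret in the refresh request, the `prompt` value, the tenant segment of the three URLs, `offline_access` in the scope) can be checked together before testing the web service. The following is an added example, not code from FME, Safe Software or any poster; the dictionary keys, the `public_client` flag, the placeholder tenant id and the `contoso` hostname are constructed for illustration, and whether the app registration is public or confidential is something the reader supplies.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

def refresh_body(client_id, refresh_token, client_secret=None):
    """Form body for the refresh request; client_secret only when one is configured."""
    fields = {"client_id": client_id}
    if client_secret:
        fields["client_secret"] = client_secret
    fields.update(refresh_token=refresh_token, grant_type="refresh_token")
    return urlencode(fields)

def tenant_of(url):
    """First path segment of a login.microsoftonline.com URL (tenant id or 'common')."""
    return urlsplit(url).path.strip("/").split("/")[0]

def lint(cfg):
    """Return findings for the settings this thread identifies as error-prone."""
    findings = []
    query = parse_qs(urlsplit(cfg["authorization_url"]).query)
    scopes = query.get("scope", [""])[0].split()
    if "offline_access" not in scopes:
        findings.append("scope lacks offline_access: no refresh token is issued")
    if query.get("prompt") == ["consent"]:
        findings.append("prompt=consent forces a consent screen on every sign-in")
    tenants = {tenant_of(cfg[k]) for k in ("authorization_url", "token_url", "refresh_url")}
    if len(tenants) > 1:
        findings.append("tenant segment differs between the three endpoint URLs")
    sends_secret = "client_secret=" in cfg["refresh_format"]
    if cfg["public_client"] and sends_secret:
        findings.append("public client sends client_secret in the refresh request")
    if not cfg["public_client"] and not sends_secret:
        findings.append("confidential client omits client_secret in the refresh request")
    return findings

# Constructed sample mirroring the settings posted in the thread (placeholder tenant).
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0"
SAMPLE = {
    "authorization_url": BASE + "/authorize?scope=https://contoso.sharepoint.com/.default"
                         "%20offline_access&response_type=code&prompt=consent",
    "token_url": BASE + "/token",
    "refresh_url": BASE + "/token",
    "refresh_format": "client_id=[CLIENT_ID]&refresh_token=[REFRESH_TOKEN]&grant_type=refresh_token",
    "public_client": False,  # assumption: the registration is treated as confidential
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```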