OAuth 2.0 Azure Maileater Not Receiving Refresh Token


Article ID: 224656


Updated On:


CA Service Management - Service Desk Manager, CA Service Desk Manager


A customer is configuring OAuth 2.0 authentication between SDM Maileater and a mailbox located in Microsoft Azure.

When clicking "Generate Access Token" under "Mailbox Name" > Edit > 3.OAUTH 2.0 > "Auth Provider Name", the token is not successfully generated and accepted by SDM.


Service Desk Manager 17.3


ERROR  [ForkJoinPool-1-worker-3] c.c.S.mail.OAuthProcessor - Refresh token is missing....can not get access token...

ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.ConnectSession - Failed to get a fresh access token...can not proceed further....

java.lang.Exception: Refresh token is null or empty

This error can occur if the customer does not want to grant the following permissions to the Mailbox User account:

This setting is located under Azure AD Admin Portal > Enterprise Applications > Consent and Permissions.


Some customers only want their Admin users to be able to provide this permission.

For example, customers may only want their Azure Admins to be able to provide these permissions.

The above information has the Mail user provide the permissions.
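One way to confirm from the token endpoint's JSON reply why the refresh token is null or empty. This is an added example, not Broadcom or SDM code. It assumes the Microsoft identity platform v2.0 token response format; the helper name and the sample replies are constructed for illustration.

```python
import json

# Microsoft Entra ID (Azure AD) AADSTS codes that signal a consent problem.
CONSENT_ERRORS = {
    65001: "the user or an administrator has not consented to the application",
    90094: "administrator consent is required",
}


def diagnose_token_response(raw_json, requested_scopes):
    """Classify a token endpoint reply (hypothetical helper, not an SDM API).

    Returns a short string saying whether a refresh token was delivered and,
    if not, the most likely reason.
    """
    body = json.loads(raw_json)

    # Error replies carry numeric AADSTS codes in "error_codes".
    if "error" in body:
        for code in body.get("error_codes", []):
            if code in CONSENT_ERRORS:
                return "consent: AADSTS%d, %s" % (code, CONSENT_ERRORS[code])
        return "error: %s" % body["error"]

    # Mirrors the Maileater check: the token must be neither null nor empty.
    if body.get("refresh_token"):
        return "ok: refresh token present"

    # A refresh token is only issued when offline_access was requested.
    if "offline_access" not in requested_scopes.split():
        return "scope: offline_access was not requested"
    return "missing: offline_access requested but no refresh token issued; review consent"


# Constructed sample replies (token values are placeholders).
IMAP_SCOPE = "https://outlook.office365.com/IMAP.AccessAsUser.All"
SAMPLE_OK = json.dumps({"token_type": "Bearer", "expires_in": 3599,
                        "access_token": "<access-token>", "refresh_token": "<refresh-token>"})
SAMPLE_NO_REFRESH = json.dumps({"token_type": "Bearer", "expires_in": 3599,
                                "access_token": "<access-token>", "refresh_token": ""})
SAMPLE_CONSENT = json.dumps({"error": "invalid_grant", "error_codes": [65001],
                             "error_description": "constructed description"})

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_NO_REFRESH, SAMPLE_CONSENT):
        print(diagnose_token_response(sample, IMAP_SCOPE + " offline_access"))
```

A "consent:" result points to the Consent and Permissions setting described above.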


A feature was introduced in 17.3 RU11 to provide Azure Administrative Consent.

See Step F under "Set the Security Level as OAuth 2.0 - IMAP".


Additional Information

The forthcoming RU19 update will also include a change in how refresh tokens are acquired and stored within Maileater. This change will prevent previously detected issues where implementations would cease to function 90 days after the initial successful implementation.