
OAuth 2.0 Azure Maileater Not Receiving Refresh Token


Article ID: 224656




CA Service Management - Service Desk Manager


Customer is configuring OAuth2.0 authentication between SDM Maileater and a mailbox located in Microsoft Azure.

When clicking "Generate Access Token" under:

"Mailbox Name" > Edit > 3.OAUTH 2.0 > "Auth Provider Name"

The token is not successfully generated and accepted by SDM.


2021-08-13 00:00:22:134 ERROR  [ForkJoinPool-1-worker-3] c.c.S.mail.OAuthProcessor - Refresh token is missing....can not get access token...

2021-08-13 00:00:22:134 ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.ConnectSession - Failed to get a fresh access token...can not proceed further....

java.lang.Exception: Refresh token is null or empty

This error can occur if the customer does not want to grant the following permissions to the Mailbox User account:

This is located under Azure AD Admin Portal > Enterprise Applications > Consent and Permissions



Some customers only want their Admin users, for example their Azure Admins, to be able to provide these permissions.

The above information has the Mail user provide the permissions.




Release : 17.3

Component : SDM - In-bound/Out-bound Mail


A feature was introduced in RU11 to provide Azure Administrative Consent.

See Step F under "Set the Security Level as OAuth 2.0 - IMAP".
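
The following is an added example, not part of the original article or of SDM. It reads the tenant's user-consent setting (the one the article locates under Consent and Permissions) from a Microsoft Graph authorizationPolicy document and reports whether the Mailbox User can consent or whether the RU11 Administrative Consent path is needed. The field names and policy ids are Microsoft Graph's, not the article's; the sample JSON, the function names and the owner-resource policy id are constructed.

```python
import json

# Constructed sample shaped like the Microsoft Graph authorizationPolicy
# resource (GET /v1.0/policies/authorizationPolicy). Not from the article.
SAMPLE_POLICY = json.loads("""
{
  "id": "authorizationPolicy",
  "defaultUserRolePermissions": {
    "permissionGrantPoliciesAssigned": [
      "ManagePermissionGrantsForOwnedResource.example-owner-policy"
    ]
  }
}
""")

# Only "...ForSelf.<id>" entries govern what a user may consent to for
# themselves; owned-resource entries do not help the Mailbox User.
SELF_PREFIX = "managepermissiongrantsforself."
ALLOW_ALL_ID = "microsoft-user-default-legacy"  # user consent for all apps


def user_consent_mode(policy):
    """Classify tenant user consent as 'disabled', 'restricted' or 'all-apps'."""
    perms = policy.get("defaultUserRolePermissions") or {}
    assigned = perms.get("permissionGrantPoliciesAssigned") or []
    # Graph returns these ids with varying case, so compare lower-cased.
    self_ids = [p.lower()[len(SELF_PREFIX):] for p in assigned
                if p.lower().startswith(SELF_PREFIX)]
    if not self_ids:
        return "disabled"
    return "all-apps" if ALLOW_ALL_ID in self_ids else "restricted"


def maileater_advice(policy):
    """Map the consent mode to the path the article describes."""
    mode = user_consent_mode(policy)
    advice = {
        "disabled": "Mailbox User cannot consent; an Azure Admin must grant "
                    "it (Administrative Consent, RU11, Step F).",
        "restricted": "Mailbox User consent is limited by tenant policy; "
                      "expect to need Administrative Consent (RU11, Step F).",
        "all-apps": "Mailbox User can grant the permissions directly.",
    }[mode]
    return mode, advice


if __name__ == "__main__":
    print(maileater_advice(SAMPLE_POLICY))
```
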