OAuth 2.0 Azure Maileater Not Receiving Refresh Token


Article ID: 224656


Products

CA Service Management - Service Desk Manager

CA Service Desk Manager

Issue/Introduction

The customer is configuring OAuth 2.0 authentication between SDM Maileater and a mailbox located in Microsoft Azure.

When clicking "Generate Access Token" under "Mailbox Name" > Edit > 3.OAUTH 2.0 > "Auth Provider Name", the token is not successfully generated and accepted by SDM.

Environment

Service Desk Manager 17.3

Cause

ERROR  [ForkJoinPool-1-worker-3] c.c.S.mail.OAuthProcessor - Refresh token is missing....can not get access token...

ERROR  [ForkJoinPool-1-worker-3] c.c.S.m.ConnectSession - Failed to get a fresh access token...can not proceed further....

java.lang.Exception: Refresh token is null or empty

This error can occur if the customer does not want to grant the following permissions to the Mailbox User account:

This is located under Azure AD Admin Portal > Enterprise Applications > Consent and Permissions

 

Some customers only want their Admin users to be able to provide this permission. For example, customers may only want their Azure Admins to be able to provide these permissions.

The information above has the Mail user provide the permissions.

Resolution

A feature was introduced in 17.3 RU11 to provide Azure Administrative Consent.

See Step F under "Set the Security Level as OAuth 2.0 - IMAP"

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configure-ca-service-desk-manager/how-to-configure-the-mailbox-to-handle-inbound-emails/define-a-mailbox.html

Additional Information

The forthcoming RU19 update will also include a change in how refresh tokens are acquired and stored within Maileater. This change will prevent issues that had been detected where implementations would cease to function 90 days after the initial successful implementation.