Oauth2 connectors : automatic refresh of token

Hi team,

When you are in delegated mode using Oauth2 connectors, in easymorph you need to click on an “authorize” button to get a 90 days static token. It means that each 90 days you have to do an “only manual” action to refresh your token. That makes it difficult to automate something.

The good thing is that in the microsoft process, you can automatically renew your token with the old token. Would it be possible to implement that, with an option for example activating this ? This would enable the automatic refresh of the token.

You may face an architecture problem with that : token will need to change, it means that repo will have to be updated if the connector is shared, or project if the connector is embedded. I don’t think you enable a change without the user to accept it manually. So how to proceed in this case ?

Thanks

Hi,

We are already doing this for providers that support automatic token refresh, Microsoft included. The tokens are refreshed whenever there is an opportunity to do so. This “refreshable” aspect, also referred to as mutable state, is seamlessly transmitted back to the original connector, either to the Server if the original connector is server-bound, or saved alongside the original connector in the local repo.sqlite database for local repositories.

Microsoft connector dialog provides a “90-day” warning only for the case when MSAL cannot refresh the token, either because the connector has been dormant for 90 days straight or because the server did not issue a new refresh token. When the connector is used regularly, the refresh should happen automatically.

It is important to note that the feature of automatic token refresh is not available for embedded connectors since these connectors are immutable within their containing project files.

Hi, thanks for your answer. Can you confirm (not sure I understood) that when connectors are shared through an easymorph server, refresh is automatically done ? It is not, only in the case of embedded connectors ? That’s good news for us.

Yes, I confirm that for Microsoft-based connectors, the update is automatic - whenever MSAL receives a new token, it is stored with the connector. This is done for local connectors that are stored in repo.sqlite, and for connectors that are retrieved from the remote Server repository. For embedded connectors, this is not done.

1 Like

@olysak , "Microsoft connector dialog provides a “90-day” warning only for the case when MSAL cannot refresh the token, either because the connector has been dormant for 90 days straight or because the server did not issue a new refresh token. When the connector is used regularly, the refresh should happen automatically."
I have an email connector that uses Oauth authentication, and I had a task that was sending emails every day using this connector.

image
image

But it expired today . See the message below

Based on the message that you posted and the fact that I was using the connector, I thought it wouldn't expire. Do you know how I can make sure that the connector is being used that will not require a refresh of the connector every 90 days?

Hi!

We've recently fixed an issue where the Exchange connector, specifically, would lose authorization after 90 days. This issue affected only to Microsoft Exchange, and not other Microsoft connectors such as Power BI, etc.

Assuming this is the issue you're experiencing, I think the fix is included in the latest release of the Desktop application which is version 5.7.2 build 6, published two days ago. I will confirm this for you shortly. If so, then updating your Desktop application (and the Server version if you have one, which should be updated to v5.7.2 build 5) will probably resolve the issue.

One more thing to check, just in case, that if the connector is 'embedded', meaning it resides within the .morph project file and not in a repository, its state will not be automatically refreshed. Make sure you're not using an embedded connector.

ok. I do not have the latest version installed. But I'll install and test it.
Just confirming that if I use the connector (that is published in the space), it will be enough to refresh the token right?
And this configuration will not interfere with the connector refresh.
image

thanks,
Renata

Yes, that should do it. The latest released Desktop & Server builds include the fix for the Exchange issue. You may need to re-authorise the connector after updating.

1 Like

Hi @olysak , where you able to confirm that this bug fix is available in the latest EM server version 5.7.2?

I don't see anything related to Microsoft exchange connector in the latest release notes.
This is the only thing that I found related to OAuth2

thanks,
Renata

Hi @rkawana !

Yes, the OAuth was not mentioned in release notes, since it was a hotfix. But it is included in the latest build, that I can confirm

@olysak we upgraded our EM server to the latest version ( Version 5.7.2 build 6) and the exchange connector failed ( after re-authorizing)

This was fixed after we re-created the Microsoft Exchange connector.