Oauth2 connectors : automatic refresh of token

Hi team,

When you are in delegated mode using Oauth2 connectors, in easymorph you need to click on an “authorize” button to get a 90 days static token. It means that each 90 days you have to do an “only manual” action to refresh your token. That makes it difficult to automate something.

The good thing is that in the microsoft process, you can automatically renew your token with the old token. Would it be possible to implement that, with an option for example activating this ? This would enable the automatic refresh of the token.

You may face an architecture problem with that : token will need to change, it means that repo will have to be updated if the connector is shared, or project if the connector is embedded. I don’t think you enable a change without the user to accept it manually. So how to proceed in this case ?



We are already doing this for providers that support automatic token refresh, Microsoft included. The tokens are refreshed whenever there is an opportunity to do so. This “refreshable” aspect, also referred to as mutable state, is seamlessly transmitted back to the original connector, either to the Server if the original connector is server-bound, or saved alongside the original connector in the local repo.sqlite database for local repositories.

Microsoft connector dialog provides a “90-day” warning only for the case when MSAL cannot refresh the token, either because the connector has been dormant for 90 days straight or because the server did not issue a new refresh token. When the connector is used regularly, the refresh should happen automatically.

It is important to note that the feature of automatic token refresh is not available for embedded connectors since these connectors are immutable within their containing project files.

Hi, thanks for your answer. Can you confirm (not sure I understood) that when connectors are shared through an easymorph server, refresh is automatically done ? It is not, only in the case of embedded connectors ? That’s good news for us.

Yes, I confirm that for Microsoft-based connectors, the update is automatic - whenever MSAL receives a new token, it is stored with the connector. This is done for local connectors that are stored in repo.sqlite, and for connectors that are retrieved from the remote Server repository. For embedded connectors, this is not done.

1 Like