cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
DerekH_AU
Frequent Visitor

Generic Oauth 2 connector not refreshing access or refresh tokens

Hi all,

 

I am building a custom connector to make a couple of calls into the MYOB AccountRight API (https://developer.myob.com/api/accountright/api-overview/authentication/) and everything works, except that Power Automate doesn't seem to be refreshing the access/refresh token (and it did last time I looked at this a couple of months ago). The access token expires after 20 minutes and the refresh token after 7 days. I manually fix the connection, but within 20 minutes, it no longer connects and requires fixing again. 

 

I have noted as well that the custom connector security screen shows all the values except the Refresh URL, which is empty but mandatory. Even if I update the connection details to include the refresh URL, it doesn't have any impact and the value is cleared after updating the connector.

 

The connection details are:

ID Provider: Generic Oauth 2

Client ID: xnxx6js6mv2krartysp9ddkt

Authorization URL: https://secure.myob.com/oauth2/account/authorize

Token URL: https://secure.myob.com/oauth2/v1/authorize 

Refresh URL should be: https://secure.myob.com/oauth2/v1/authorize

Scope: CompanyFile

Redirect URL: https://global.consent.azure-apim.net/redirect

 

When the custom connector isn't connected, it shows the error below. I am not sure if it is an issue or being returned by the API or somewhere in Power Automate, or if it is a symptom of another issue.

 

 

Failed to refresh access token for service: oauth2. Correlation Id=0fd144f6-e2bd-4b3a-8a7d-c2748a8767c2, UTC TimeStamp=11/4/2020 2:17:43 AM, Error: OAuth 2 access token refresh failed. Client ID and secret sent in form body.. Response status code=InternalServerError. Response body:

 

 

Server Error in '/' Application.


The required anti-forgery cookie "__RequestVerificationToken" is not present.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.Mvc.HttpAntiForgeryException: The required anti-forgery cookie "__RequestVerificationToken" is not present.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:

 [HttpAntiForgeryException (0x80004005): The required anti-forgery cookie "__RequestVerificationToken" is not present.] System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken) +666 System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) +163 System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +156 System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__1e(AsyncCallback asyncCallback, Object asyncState) +859 System.Web.Mvc.Async.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +146 System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout) +75 System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag) +28 System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) +1295 System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__17(AsyncCallback asyncCallback, Object asyncState) +50 System.Web.Mvc.Async.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +146 System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout) +75 System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) +532 System.Web.Mvc.Async.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +146 System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout) +75 System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate endDelegate, Object tag) +28 System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +387 System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__2(AsyncCallback asyncCallback, Object asyncState) +144 System.Web.Mvc.Async.WrappedAsyncResult`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +146 System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout) +75 System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate endDelegate, Object tag) +28 System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) +320 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +2066 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +868 

 


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36660

1 ACCEPTED SOLUTION

Accepted Solutions
DerekH_AU
Frequent Visitor

The cookie error was being reported by the connector, when making connections without my browser even being open. In any case, for now, I have recreated the connection the connector is using and so far I have had 24 hours of refreshed access tokens, making a request every 15 minutes, when the access token expires after 20 mins. For the moment, recreating the connection seems to have resolved the issue.

View solution in original post

5 REPLIES 5
shyamsu
Power Automate
Power Automate

This appears to be a client/browser side issue. We require cookies to be enabled. Can you please make sure you doing this all in one browser with cookies allowed?

DerekH_AU
Frequent Visitor

The cookie error was being reported by the connector, when making connections without my browser even being open. In any case, for now, I have recreated the connection the connector is using and so far I have had 24 hours of refreshed access tokens, making a request every 15 minutes, when the access token expires after 20 mins. For the moment, recreating the connection seems to have resolved the issue.

HEATFreight
Kudo Kingpin
Kudo Kingpin

I'm having the same issue as @DerekH_AU although I have never been able to get the refresh token to work at all.

I am building the Custom Connector by importing a Postman ver. 2.1 collection. Any tips?

Edit: oh I think I found part of the answer here

Edit2: Ok, yep I've figured it out! I exported a Postman v2.1 collection with all requests using the OAuth2 authorization method. Crucially, I left out the manual refresh token request from the collection. Postman requires you to build a manual request to keep the token refreshed because it will not do that for you even though it has that convenient "Get New Access Token" button: 

HEATFreight_0-1639234343574.png

You must leave out any manual authorization or refresh requests that you might use in Postman. These are not necessary (nor will they even work) in the custom connector. So you export a v2.1 Postman collection of just the non-authentication-related requests that you want to include in your connector. Each of these needs to have a type of "OAuth 2.0" in the Authorization tab. I followed this guide.

You import the Postman collection into the Power Automate custom connector and proceed through the >General and >Security settings. Crucially, you must save the >Security settings before moving on. I never see this mentioned in tutorials, but if you don't do it, the client ID and secret as well as the Refresh URL will not be saved and you'll have to return to finish the >Security tab before you can actually "Update connector".

The interesting thing here is that no matter what you do, the Refresh URl field will wipe itself as if it did not accept your input, but rest assured this is the expected behavior.

Next tab is >Definition. The thing to remember about >Definition is that the conversion between the Swagger Editor and the Custom Connector user interface is broken. YOU CAN NOT TRUST IT TO CONVERT THE SWAGGER CODE PROPERLY! So here is what you do, follow the guide I linked above to edit the code in the Swagger Editor, and then click "Update connector" WHILE YOU STILL HAVE SWAGGER EDITOR TOGGLED ON! I never see any guides mention this part. If you switch back to the regular interface by toggling off the Swagger Editor, there is a chance something will break. You should be safe if you don't open any of the request parameters (like Path, Query, Headers, Body or any of their sub-fields), and clicking "Update connector" toggles off the Swagger Editor anyway, but definitely if you start opening any of those request parameter fields it will start breaking your Swagger code! I do think you can toggle off Swagger Editor before clicking "Update connector" and it will still work. It's mainly just opening the request parameters that begins to break the Swagger code.

One example is if you try using integers as default values for string types. The normal Custom Connector interface will error out if you give a string parameter an integer for a default value (say if your API requires a company ID # parameter). If you get this "integer as string" error, you can simply open the Swagger Editor and put single quotes around the affected default value integers. If you click "Update connector" while Swagger Editor is still toggled on, or at least without navigating back to the string parameter in question, the single quotes will remain intact and your default value will populate in the >Test tab and wherever you use the connector, like Power Automate. But the second you open the string parameter in the normal Custom Connector interface (i.e. Swagger Editor toggled off), **BAM** no more single quotes. After opening the string parameter which has an integer default value, toggle Swagger Editor back on again and you will see that the single quotes have disappeared from around the default value integer.

Off the top of my head, I'm not sure what other parts of the Swagger code breaks when you try editing the Custom Connector parmeters outside of the Swagger Editor, but suffice it to say something ain't right. Stick to the Swagger Editor and you should be fine.

I'm at T+1 day of QuickBooks Online API Custom Connector keeping itself refreshed. The OAuth2 authorization code flow and refresh tokens work great in Custom Connectors if you do it right. 

HEATFreight
Kudo Kingpin
Kudo Kingpin

Ah crap, I'm back again. I got the QuickBooks Online API apparently working perfectly in a custom connector, but I have another API that is returning the following error:

 

Failed to refresh access token for service: oauth2. Correlation Id=..., UTC TimeStamp=..., Error: OAuth 2 access token refresh failed. Client ID and secret sent in form body.. Response status code=BadRequest. Response body: {"error":"invalid_grant"}

 


It seems that something is happening with the refresh token request that is causing it to fail, but that happens in the background. We have no visibility into that request or the response, the OAuth2 custom connector handles that for you and it just works. Or so it did with the QBO API. This other API is more stubborn and I suspect it has something to do with the way they want their requests formatted. I'm not sure what Postman settings would affect this, but for instance these three settings in Postman's >Authorization tab seem like possible culprits:

 

Add authorization data to [Request URL] vs. [Request Headers]

 

or

 

Authorize using browser [y/n]

 

or

 

Client Authentication [Send client credentials in body] vs. [Send as Basic Auth header]

 

 

I am using the exact settings in the broken custom connector as what I used for the working QuickBooks Online custom connector, except with the base URL, auth URL, token URL, refresh URL, request URLs, client ID, and client secret all being unique to each API obviously. Other than those, everything else is exactly the same. API #2 works great for 20 minutes and then its access token expires and I get that error above^.

Any Power Platform wizards out there? @RezaDorrani @shyamsu @v-bacao-msft 

Did you ever resolved this? I am trying to connect an external api and i get the same issues. I have try to create it manually and by importing the json files. When i go and try to connect to it. i get the error

{"error":"invalid_request","error_description":"Invalid redirect_uri: https://global.consent.azure-apim.net/redirect","rfc6749_reference":"4.1.2.1, 4.2.2.1"}

Helpful resources

Announcements

Exclusive LIVE Community Event: Power Apps Copilot Coffee Chat with Copilot Studio Product Team

It's time for the SECOND Power Apps Copilot Coffee Chat featuring the Copilot Studio product team, which will be held LIVE on April 3, 2024 at 9:30 AM Pacific Daylight Time (PDT).     This is an incredible opportunity to connect with members of the Copilot Studio product team and ask them anything about Copilot Studio. We'll share our special guests with you shortly--but we want to encourage to mark your calendars now because you will not want to miss the conversation.   This live event will give you the unique opportunity to learn more about Copilot Studio plans, where we’ll focus, and get insight into upcoming features. We’re looking forward to hearing from the community, so bring your questions!   TO GET ACCESS TO THIS EXCLUSIVE AMA: Kudo this post to reserve your spot! Reserve your spot now by kudoing this post.  Reservations will be prioritized on when your kudo for the post comes through, so don't wait! Click that "kudo button" today.   Invitations will be sent on April 2nd.Users posting Kudos after April 2nd at 9AM PDT may not receive an invitation but will be able to view the session online after conclusion of the event. Give your "kudo" today and mark your calendars for April 3, 2024 at 9:30 AM PDT and join us for an engaging and informative session!

Tuesday Tip: Unlocking Community Achievements and Earning Badges

TUESDAY TIPS are our way of communicating helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! We cover basics about the Community, provide a few "insider tips" to make your experience even better, and share best practices gleaned from our most active community members and Super Users.   With so many new Community members joining us each week, we'll also review a few of our "best practices" so you know just "how" the Community works, so make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!     THIS WEEK'S TIP: Unlocking Achievements and Earning BadgesAcross the Communities, you'll see badges on users profile that recognize and reward their engagement and contributions. These badges each signify a different achievement--and all of those achievements are available to any Community member! If you're a seasoned pro or just getting started, you too can earn badges for the great work you do. Check out some details on Community badges below--and find out more in the detailed link at the end of the article!       A Diverse Range of Badges to Collect The badges you can earn in the Community cover a wide array of activities, including: Kudos Received: Acknowledges the number of times a user’s post has been appreciated with a “Kudo.”Kudos Given: Highlights the user’s generosity in recognizing others’ contributions.Topics Created: Tracks the number of discussions initiated by a user.Solutions Provided: Celebrates the instances where a user’s response is marked as the correct solution.Reply: Counts the number of times a user has engaged with community discussions.Blog Contributor: Honors those who contribute valuable content and are invited to write for the community blog.       A Community Evolving Together Badges are not only a great way to recognize outstanding contributions of our amazing Community members--they are also a way to continue fostering a collaborative and supportive environment. As you continue to share your knowledge and assist each other these badges serve as a visual representation of your valuable contributions.   Find out more about badges in these Community Support pages in each Community: All About Community Badges - Power Apps CommunityAll About Community Badges - Power Automate CommunityAll About Community Badges - Copilot Studio CommunityAll About Community Badges - Power Pages Community

Tuesday Tips: Powering Up Your Community Profile

TUESDAY TIPS are our way of communicating helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! We cover basics about the Community, provide a few "insider tips" to make your experience even better, and share best practices gleaned from our most active community members and Super Users.   With so many new Community members joining us each week, we'll also review a few of our "best practices" so you know just "how" the Community works, so make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!   This Week's Tip: Power Up Your Profile!  🚀 It's where every Community member gets their start, and it's essential that you keep it updated! Your Community User Profile is how you're able to get messages, post solutions, ask questions--and as you rank up, it's where your badges will appear and how you'll be known when you start blogging in the Community Blog. Your Community User Profile is how the Community knows you--so it's essential that it works the way you need it to! From changing your username to updating contact information, this Knowledge Base Article is your best resource for powering up your profile.     Password Puzzles? No Problem! Find out how to sync your Azure AD password with your community account, ensuring a seamless sign-in. No separate passwords to remember! Job Jumps & Email Swaps Changed jobs? Got a new email? Fear not! You'll find out how to link your shiny new email to your existing community account, keeping your contributions and connections intact. Username Uncertainties Unraveled Picking the perfect username is crucial--and sometimes the original choice you signed up with doesn't fit as well as you may have thought. There's a quick way to request an update here--but remember, your username is your community identity, so choose wisely. "Need Admin Approval" Warning Window? If you see this error message while using the community, don't worry. A simple process will help you get where you need to go. If you still need assistance, find out how to contact your Community Support team. Whatever you're looking for, when it comes to your profile, the Community Account Support Knowledge Base article is your treasure trove of tips as you navigate the nuances of your Community Profile. It’s the ultimate resource for keeping your digital identity in tip-top shape while engaging with the Power Platform Community. So, dive in and power up your profile today!  💪🚀   Community Account Support | Power Apps Community Account Support | Power AutomateCommunity Account Support | Copilot Studio  Community Account Support | Power Pages

Super User of the Month | Chris Piasecki

In our 2nd installment of this new ongoing feature in the Community, we're thrilled to announce that Chris Piasecki is our Super User of the Month for March 2024. If you've been in the Community for a while, we're sure you've seen a comment or marked one of Chris' helpful tips as a solution--he's been a Super User for SEVEN consecutive seasons!   Since authoring his first reply in April 2020 to his most recent achievement organizing the Canadian Power Platform Summit this month, Chris has helped countless Community members with his insights and expertise. In addition to being a Super User, Chris is also a User Group leader, Microsoft MVP, and a featured speaker at the Microsoft Power Platform Conference. His contributions to the new SUIT program, along with his joyous personality and willingness to jump in and help so many members has made Chris a fixture in the Power Platform Community.   When Chris isn't authoring solutions or organizing events, he's actively leading Piasecki Consulting, specializing in solution architecture, integration, DevOps, and more--helping clients discover how to strategize and implement Microsoft's technology platforms. We are grateful for Chris' insightful help in the Community and look forward to even more amazing milestones as he continues to assist so many with his great tips, solutions--always with a smile and a great sense of humor.You can find Chris in the Community and on LinkedIn. Thanks for being such a SUPER user, Chris! 💪 🌠  

Find Out What Makes Super Users So Super

We know many of you visit the Power Platform Communities to ask questions and receive answers. But do you know that many of our best answers and solutions come from Community members who are super active, helping anyone who needs a little help getting unstuck with Business Applications products? We call these dedicated Community members Super Users because they are the real heroes in the Community, willing to jump in whenever they can to help! Maybe you've encountered them yourself and they've solved some of your biggest questions. Have you ever wondered, "Why?"We interviewed several of our Super Users to understand what drives them to help in the Community--and discover the difference it has made in their lives as well! Take a look in our gallery today: What Motivates a Super User? - Power Platform Community (microsoft.com)

March User Group Update: New Groups and Upcoming Events!

  Welcome to this month’s celebration of our Community User Groups and exciting User Group events. We’re thrilled to introduce some brand-new user groups that have recently joined our vibrant community. Plus, we’ve got a lineup of engaging events you won’t want to miss. Let’s jump right in: New User Groups   Sacramento Power Platform GroupANZ Power Platform COE User GroupPower Platform MongoliaPower Platform User Group OmanPower Platform User Group Delta StateMid Michigan Power Platform Upcoming Events  DUG4MFG - Quarterly Meetup - Microsoft Demand PlanningDate: 19 Mar 2024 | 10:30 AM to 12:30 PM Central America Standard TimeDescription: Dive into the world of manufacturing with a focus on Demand Planning. Learn from industry experts and share your insights. Dynamics User Group HoustonDate: 07 Mar 2024 | 11:00 AM to 01:00 PM Central America Standard TimeDescription: Houston, get ready for an immersive session on Dynamics 365 and the Power Platform. Connect with fellow professionals and expand your knowledge. Reading Dynamics 365 & Power Platform User Group (Q1)Date: 05 Mar 2024 | 06:00 PM to 09:00 PM GMT Standard TimeDescription: Join our virtual meetup for insightful discussions, demos, and community updates. Let’s kick off Q1 with a bang! Leaders, Create Your Events!  Leaders of existing User Groups, don’t forget to create your events within the Community platform. By doing so, you’ll enable us to share them in future posts and newsletters. Let’s spread the word and make these gatherings even more impactful! Stay tuned for more updates, inspiring stories, and collaborative opportunities from and for our Community User Groups.   P.S. Have an event or success story to share? Reach out to us – we’d love to feature you!

Users online (5,660)