No refresh token OAuth 2
Moderator: crythias
No refresh token OAuth 2
I have installed a Znuny 6.3.1 to perform the connection tests with OAuth 2 from a Google Workspace account, I have carried out the process to obtain the credentials (client id and secret id), when entering them in the OAuth Manager, I can log in no problem and when I enter the mail manager and add it with the OAuth Token configuration it works without problems, I can recover the mails of my account.
The problem is that the Google login token lasts only one hour and then you have to manually log in again with Google, which is not efficient, I have read in the Google documentation that you must obtain a refresh token and an access token so that the application can perform the refresh process automatically, I have managed to get the refresh token and an access token, however I cannot identify where I can add them within the Znuny configurations. I understood that Znuny himself did this process, however, in the OAuht administrator the legend "No refresh token was requested yet" appears, which makes me think that the refresh token must be configured, however, I have not found information about it in case it has to be configured manually. I hope someone can help me with this problem.
This error appears in the log: "Refresh token for token config with ID 2 has expired or is not present. Token must be retrieved manually via authorization code."
The problem is that the Google login token lasts only one hour and then you have to manually log in again with Google, which is not efficient, I have read in the Google documentation that you must obtain a refresh token and an access token so that the application can perform the refresh process automatically, I have managed to get the refresh token and an access token, however I cannot identify where I can add them within the Znuny configurations. I understood that Znuny himself did this process, however, in the OAuht administrator the legend "No refresh token was requested yet" appears, which makes me think that the refresh token must be configured, however, I have not found information about it in case it has to be configured manually. I hope someone can help me with this problem.
This error appears in the log: "Refresh token for token config with ID 2 has expired or is not present. Token must be retrieved manually via authorization code."
You do not have the required permissions to view the files attached to this post.
Alan Lopez
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Hi Alan,
I just tried it with a new (sub)domain and it looks like this:
Can you share the summary of your OAuth consent screen (with personal data deleted)?
- Roy
I just tried it with a new (sub)domain and it looks like this:
Can you share the summary of your OAuth consent screen (with personal data deleted)?
- Roy
You do not have the required permissions to view the files attached to this post.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Re: No refresh token OAuth 2
Thanks for reply Toy,
Here the screenshot.
Thanks
Here the screenshot.
Thanks
You do not have the required permissions to view the files attached to this post.
Alan Lopez
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Hi Alan,
Thank you for reporting. We have an issue (with a workaround) created, the fix is wip.
https://github.com/znuny/Znuny/issues/230
- Roy
Thank you for reporting. We have an issue (with a workaround) created, the fix is wip.
https://github.com/znuny/Znuny/issues/230
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Re: No refresh token OAuth 2
Thank you Roy,
I followed the github instructions, create a new client id and secret id and replace them and it worked.
regards
I followed the github instructions, create a new client id and secret id and replace them and it worked.
regards
Alan Lopez
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
I have the same error message but with Outlook365. Github instructions are specific to Google:
"This issue could only be confirmed for Google Mail / Google Workspace OAuth"
Is there a different way to fix this in Outlook365? I just want to confirm before I ask our admins to recreate the API
Thanks
"This issue could only be confirmed for Google Mail / Google Workspace OAuth"
Is there a different way to fix this in Outlook365? I just want to confirm before I ask our admins to recreate the API
Thanks
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Hi,
This depends. Do you still use 6.3.1? Then you should have the App recreated.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
Thanks for this quick reply!
We will upgrade to 6.4 and try again.
We will upgrade to 6.4 and try again.
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
HI,
Just to be clear. Upgrading won't fix a broken record, do not expect the token works.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
ok, too bad...but now we are upgrading already. Do we have to recreate the API or only the token configuration?
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Hi,
I would export the token, delete and import it again. If this not work create new credentials for the app at the Azure portal.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
Upgrade is not finished yet so I have to work with 6.3 in the meantime.
When I click on "request new token" a popup redirects me to the login page and just stays there without any message. I also cannot find anything in system log. How can I do this on command line with debug option? I am looking for something to convince our Outlook admins to recreate the API....
When I click on "request new token" a popup redirects me to the login page and just stays there without any message. I also cannot find anything in system log. How can I do this on command line with debug option? I am looking for something to convince our Outlook admins to recreate the API....
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Hi,
Have you tried what I recommended?
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
Hi Roy,
partially, only export, delete and import. Our admins are not happy about recreating the API, that's why I am looking for a proof that this is needed and hoped to be able to find it with some debug options since I don't see any related messages in otrs.log
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Well,
What is your exact error message? I doubt that for a new imported token configuration the screen keeps blank when requesting the refresh token.
If this really is the case there must be something in the Apache error_log.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
found this in httpd logs:
Code: Select all
[05/Sep/2022:20:34:35 +0200] 10.244.144.140 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /noc/tts-images/js/js-cache/ModuleJS_9292602303dda85bffe667fc722199c1.js HTTP/1.1" 506
[05/Sep/2022:20:34:42 +0200] 10.244.144.140 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /noc/tts/get-oauth2-token-by-authorization-code.pl?code=0.AS8A2JH_......... HTTP/1.1" 4539
[05/Sep/2022:20:34:43 +0200] 10.244.144.140 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /noc/tts-images/skins/Agent/default/css/thirdparty/ui-theme/jquery-ui.css HTTP/1.1" 4062
[05/Sep/2022:20:34:44 +0200] 10.244.144.140 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /noc/tts/get-oauth2-token-by-authorization-code.pl HTTP/1.1" 4539
[05/Sep/2022:20:35:03 +0200] 10.244.144.140 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Hi,
This is your SSL access log, not an error log.
Let's try again:
1.) Does the window stay blank when you request a new token?
2.) And, more important when I see your access log: do the system configuration settings HttpType, FQDN, and ScriptAlias match your URL?
- Roy
This is your SSL access log, not an error log.
Let's try again:
1.) Does the window stay blank when you request a new token?
2.) And, more important when I see your access log: do the system configuration settings HttpType, FQDN, and ScriptAlias match your URL?
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
last message in my httpd error_log is the startup message.
1.) when I click on "request new token"
2.) yes, they do. HttpType is https and the rest also matches the URL I see when requesting the token
any help is much appreciated
thanks
1.) when I click on "request new token"
- a popup appears with the logon screen and URL consisting of
- after login with my credentials the same screen appears again (or the old one stays), only difference is the shorter URL
2.) yes, they do. HttpType is https and the rest also matches the URL I see when requesting the token
any help is much appreciated
thanks
-
- Administrator
- Posts: 4002
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: No refresh token OAuth 2
Hi,
Well, now we're getting along. The first problem is that you see the Znuny login, it should be the Microsoft login instead. Please set the LogLevel to debug and check after another try why you're session is not detected in the popup. Have you tried another browser, disabled adblockers, etc.?
- Roy
Well, now we're getting along. The first problem is that you see the Znuny login, it should be the Microsoft login instead. Please set the LogLevel to debug and check after another try why you're session is not detected in the popup. Have you tried another browser, disabled adblockers, etc.?
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
Hi,
The problem might be related to the fact that we are using SSO with Microsoft and our company accounts. I will try to play around with the logins and provide debug info if this doesn’t help.
Thanks again for the quick turnaround
The problem might be related to the fact that we are using SSO with Microsoft and our company accounts. I will try to play around with the logins and provide debug info if this doesn’t help.
Thanks again for the quick turnaround
-
- Znuny newbie
- Posts: 10
- Joined: 16 Aug 2022, 15:38
- Znuny Version: 6.3
- Real Name: Werner Murnau
Re: No refresh token OAuth 2
Hi,
when I log off Azure before I start to request the token it indeed leads me to the MS login page. After logging in I have the same situation as before: Znuny login screen appears with the long URL and afterwards again with the short one.
unfortunately I see no messages in otrs.log despite loglevel debug. But when I try to fetch mails I see some entries in otrs.log e.g. "OAuth2 token could not be retrieved."
What can be wrong with my log settings, I shall at least see something I think while trying to fetch the token.
Thanks
when I log off Azure before I start to request the token it indeed leads me to the MS login page. After logging in I have the same situation as before: Znuny login screen appears with the long URL and afterwards again with the short one.
unfortunately I see no messages in otrs.log despite loglevel debug. But when I try to fetch mails I see some entries in otrs.log e.g. "OAuth2 token could not be retrieved."
What can be wrong with my log settings, I shall at least see something I think while trying to fetch the token.
Thanks