Forum Discussion

MillionCurrants's avatar
MillionCurrants
Copper Contributor
Jun 25, 2024

Graph API e-mail access stopped working after three months

Hello, I used this guide to do some e-mail read/write using Python. It worked without issues for three months (running every two minutes), then after indeed three months on the day my refresh token stopped functioning. 

 

 

def connect() -> dict[str, str]:
    url = "https://login.microsoftonline.com/<snipped>/oauth2/v2.0/token"
    payload = {
        "grant_type": "refresh_token",
        "client_id": "<snipped>",
        "scope": "offline_access Mail.ReadWrite",
        "code": "<snipped>",
        "refresh_token": "<snipped>",
        "client_secret": "<snipped>",
    }
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Cookie": "<snipped>",
    }

    try:
        response = requests.post(url, headers=headers, data=payload)
        response.raise_for_status()

        return ast.literal_eval(str(response.text))

    except Exception:
        return {}

 

 

Printing the exception gives me:

400 Client Error: Bad Request for url: https://login.microsoftonline.com/<snipped>/oauth2/v2.0/token

 

An astute reader might suspect my client secret expired, since its default duration is three months, but I gave it a longer duration than that when I created it. It is very much not expired.

 

I have since tried to perform the whole process from scratch. I seem to effectively get this far:

 

https://login.microsoftonline.com/<<Directory (tenant) ID>>/oauth2/v2.0/authorize?client_id=<<Application (client) ID>>&response_type=code&redirect_uri=https%3A%2F%2Flocalhost&response_mode=query&scope=offline_access%20Mail.ReadWrite&state=12345644

 

Replacing the two IDs and visiting the URL gives me a code as before. I copy the part between ...code= and &state=... and perform the Postman step (from the guide) on it:

 

Request Type: Post
Request URL: https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
client_id: your client id
scope: offline_access Mail.ReadWrite
code: you got in step (a)
redirect_uri: https://localhost
grant_type: authorization_code
client_secret: your secret

 

But that gives me this error:

 

 

{
    "error": "invalid_grant",
    "error_description": "AADSTS70008: The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource. <snipped>",
    "error_codes": [
        70008
    ],
    "timestamp": "<snipped>",
    "trace_id": "<snipped>",
    "correlation_id": "<snipped>",
    "error_uri": "https://login.microsoftonline.com/error?code=70008"
}

 

 

Mind you, this happens even if I corrupt the code or make it something silly like a single character, so it seems to me the problem isn't with the code, but for the life of me I cannot figure it out. Anyone able to tell what I'm doing wrong?

4 Replies

    • MillionCurrants's avatar
      MillionCurrants
      Copper Contributor
      Yes, that seems to be the original problem.

      But, trying to repeat the steps to produce a new refresh token says the authorization token has expired, even if it's piping hot out of the oven. Even if I corrupt it or send nonsense like a single character, that's the error message I'm getting. So while it complains about an expired authorization token, that is hardly the actual issue here, but I cannot figure out what the real problem is.
      • MUTHU_RAMAKRISHNAN's avatar
        MUTHU_RAMAKRISHNAN
        Copper Contributor
        To regenrate the refreshtoken, i hope you are reauthenticating (re login) again.

        If you reauthenticate and if still receiving error, pls post the error message

Resources