cancel
Showing results for 
Search instead for 
Did you mean: 

Microsoft Graph - unable to get token

ThingCheeYew
Level 4

Hi team,

anyone have the step by step guide on setup the graph and connect with BP? 

I try to do so, but my token seem not valid, wondering is that some authority missing in Graph setup.

When I called the Graph object, getting return of 400 bad request. ( as attached), anyone can share the thought on this?
 



------------------------------
Chee Yew Thing
------------------------------
8 REPLIES 8

ewilson
Staff
Staff
Hello @Chee Yew Thing,

We've just posted a new connector for Outlook which uses the Graph API. The user guide includes step-by-step instructions for defining your App Registration on Azure and creating a Client ID/Client Secret for an Application Access token.

If you require a Delegated Access token, the steps are slightly different in that your administrator must grant delegated access, for the specific Graph APIs, upfront. Otherwise, Microsoft expects that you're "user" (the Digital Worker) will follow a User Auth flow requiring interacting with a human user. We don't support that.

The new connector asset page is here.

Cheers,


------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

Thanks Eric, I will look into it tomorrow.

------------------------------
Chee Yew Thing
------------------------------

Hi Eric,

quick query: so the Mail Send and Mail.ReadWrite in step 17 must use "Application Permission" , and not "Delegate"?

Thanks,
Thing

------------------------------
Chee Yew Thing
------------------------------

Hi @Chee Yew Thing,

Application Access is not required, but it is recommended as it's easier to configure and it provides greater flexibility to your Digital Workers to work across mailboxes. If your security policies require the use of Delegated Access, you can do that too. However, with Delegated Access, your administrator must grant the delegated access on the credential up-front when they configure the credentials. The reason for this is that the typical authorization flow for Delegated Access is that a human user would be prompted to login to a site where they would approve the applications access to their account. Our connector does not support that model as there's rarely a human user sitting around for this. Does that make sense?

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

Thanks Eric, I have submitted the request internally to approve the consent. Meanwhile, will continue explore and try on the VBO given. 
I shall share the status once tested.

------------------------------
Chee Yew Thing
------------------------------

Hi @ewilson, thank you, tested all good now with Application Access. We will continue the scope to SharePoint Integrations
Thanks for your support.


------------------------------
Chee Yew Thing
------------------------------

ThomasWhite
Level 2
Hi @Chew Yew Thing,

We ran into the same issue in our organisation with trying to get a delegated access token. It turns out the account we were getting the token on behalf of had an ampersand character (&) in the password which was messing with the syntax of the HTTP request.

Once the password was updated, we stopped getting the 400 error.

Something to be mindful of 🙂

------------------------------
Tom White
Automation Analyst
Department of Industry, Science, Energy and Resources
Australia/Canberra
------------------------------
Tom White Automation Analyst Department of Industry, Science, Energy and Resources Australia/Canberra

Thanks for the tips, will take note on this.

------------------------------
Chee Yew Thing
------------------------------