Skip to main content

Hi, I’m facing a problem with OAuth connections.

I’ve already configured the connection, and it is working fine. But, after an hour the token status is “expired”. I don´t know how to proceed to refresh the token automatically.

I’m using Microsoft Entra.

 

That’s an interesting question, cristian.bastidas !

I think the following community members may be able to help 

@Marc Mueller 

@Vatsy 

@Zaid Chougle 

@Tamil Arasu10 

@madhu subbegowda 

@jackson 

@HARUN KUMAR 

@NewTushitha 

@Azhar Hossain 

@kdil 

@Padmakumar 

Hi @christian.bastidas,

OAuth tokens (especially with Microsoft Entra / Azure AD) are short-lived (typically 1 hour) and must be refreshed automatically using a refresh token.

Root Cause

  • The initial access token retrieved via OAuth 2.0 expires after ~60 minutes.
  • Automation Anywhere currently doesn't automatically refresh tokens unless configured through a custom REST implementation.
  • The Bot Store OAuth connection setup stores the refresh token, but you need to explicitly call it.

1. Enable Token Refresh in OAuth Connection

  • Go to Admin → Connections → OAuth 2.0 Configuration
  • Confirm the following:
    • Authorization Grant Type = Authorization Code or Refresh Token
    • You have checked "Use Refresh Token"
    • Token Endpoint URL is correct for Microsoft Entra:
      https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

2. Refresh Token Manually via REST API (Recommended)

If AA is not auto-refreshing, use REST Web Service action in your bot to manually refresh the token:

  • POST to:

bash

CopyEdit

https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

  • Body (x-www-form-urlencoded):

ini

CopyEdit

grant_type=refresh_token

client_id=YOUR_CLIENT_ID

client_secret=YOUR_CLIENT_SECRET

refresh_token=YOUR_REFRESH_TOKEN

scope=https://graph.microsoft.com/.default

  • Parse and store the new access token in a variable.

You can then use this token in headers like:

json

CopyEdit

Authorization: Bearer <access_token>

3. Store Token Securely

  • Store the refreshed token in a credential variable or dictionary, and update it at runtime.

4. Schedule Auto-Refresh

  • Add logic to refresh the token every 55–59 minutes, or check if token is near expiry before each major API call.

Tip

If you're using Microsoft Graph API, set scope as:

ini

CopyEdit

scope = https://graph.microsoft.com/.default

Optional: Use a Vault Bot

Create a reusable “Token Manager Bot” that:

  • Checks expiry
  • Refreshes token
  • Updates stored credential/token variable

 

Reply


Terms & ConditionsCookie settings