This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Marketo Access token expired

sravankunadi
New Contributor II

โ€Ž08-22-2022 08:29 AM

We are retrieving the leads from Marketo. I am using Marketo REST 0auth 2 for the access token.
I have created the account and selected auto refresh token,but the token is not getting refreshed after 1 hour. Pipeline still fails with the access token expired.

image

I am able to authorize and refresh the token manually. Anything i am missing or do we have any other workaround?

0 Kudos
9 REPLIES 9

sravankunadi
New Contributor II

โ€Ž08-22-2022 03:19 PM

Any inputs on this please?

0 Kudos

ddellsperger
Employee
Employee

โ€Ž08-23-2022 05:48 AM

Marketo authentication for client_credentials expects the client_id and client_secret as query parameters. If you uncheck the last box, โ€œSend Client Data as Basic Auth headerโ€ things should work properly (that should be used if the authentication documentation talks about sending โ€œclient details in the Authorization headerโ€).

Youโ€™ll want to then click the โ€œAuthorizeโ€ button, then when you get updates, the โ€œApplyโ€ button. Youโ€™re also able to remove the auth endpoint config, client_credentials OAuth2 only makes a call out to the Token Endpoint. OAuth2 coming from client_credentials typically doesnโ€™t have a refresh operation to make, it simply does a re-authorization during that process, youโ€™ll notice that the Marketo documentation even shows that thereโ€™s no refresh_token returned in the response from the token endpoint. But our refresh operation will take care of re-authenticating for client_credentials or performing a refresh if a refresh_token is available, so youโ€™ll want to keep the checkbox checked.

ResponseOfIdentity {
    access_token (string, optional): The token that you pass with subsequent calls to authenticate with the target instance,
    scope (string, optional): The owning API-only user of the custom service that was used to authenticate,
    expires_in (integer, optional): Remaining lifespan of the current token in seconds,
    token_type (string, optional): The OAuth authentication method = ['bearer']
}
0 Kudos

sravankunadi
New Contributor II

โ€Ž08-23-2022 09:07 AM

Thanks @ddellsperger . I still see the same issue after unchecked the โ€œSend Client Data as Basic Auth headerโ€ and also removed the auth endpoint config.
I did Authorize and the tab opened and updated and then did the โ€œApplyโ€ button.

image

I have attached the error log file.
Errors_GetAllLeads-2022-08-23T10_53_11.667.json (805 Bytes)

0 Kudos

ddellsperger
Employee
Employee
In response to sravankunadi

โ€Ž08-23-2022 11:14 AM

Which snap are you using to accomplish this, are you simply using a Rest GET/POST to obtain this data, or are you using the Marketo Snap Pack itself? Do you maybe have a pipeline screenshot that I could look at here, it seems like youโ€™re running a series of Rest snaps to get paginated data. I remember Marketo being somewhat unique, in their documentation they state:

If you call the Identity endpoint before your token has expired, the same token and the remaining lifespan will be returned in the response.

This means that our refresh process doesnโ€™t work the same way for Marketo as it might for other systems. Because they return an error with a value 602 rather than a http status code of 401 or 403 for an expired access token, they have to be treated somewhat differently. This is accounted for in our Marketo Snap Pack, but since this error message system that Marketo uses isnโ€™t via status code, but via an internal error code our automated re-authentication systems do not work for Marketo with the Rest Snap Pack. I would highly suggest moving to that if itโ€™s available to you, we donโ€™t really have an option for retries beyond the scope of 401/403 where we force an OAuth refresh currently.

0 Kudos