Forum Discussion

reuben's avatar
reuben
New Contributor
2 years ago
Solved

OAuth2 account - error 500 on authorization

I attempting to authorize an OAuth2 account using client credentials, but I'm getting the following error:

{"http_status_code": 500, "response_map": {"error_list": [{"message": "Request to token endpoint https://login.microsoftonline.com/<tenant id is here>/oauth2/v2.0/token failed for account \"/PWDePAMTest/shared/account for Graph API\" of type \"OAuth2 Account\""}]}}

Does anyone know what that means beyond internal server error?

I am able to do this fine through Postman using a pre-built collection from Microsoft.  I just entered my clientid, client secret, and tenant id where applicable.  The only thing I can think of is that I'm not sure how to set Client Authentication.  That's set to Send client credentials in body in Postman.  Does it need to be set in the account setup?  If so, where would it go?

  • ddellsperger's avatar
    ddellsperger
    2 years ago

    for client credentials, you'll need to put the scope in the "Token endpoint config" section, not the "Authorization endpoint config".  

3 Replies

  • ddellsperger's avatar
    ddellsperger
    Admin
    2 years ago

    for client credentials, you'll need to put the scope in the "Token endpoint config" section, not the "Authorization endpoint config".  

    • reuben's avatar
      reuben
      New Contributor
      2 years ago

      If I do not get an error message or anything, does that mean it authorized?

      • ddellsperger's avatar
        ddellsperger
        Admin
        2 years ago

        You should see the Access Token and potentially Access Token Expiration fields visible/populated with something. Depending on if your OAuth2 endpoint supports refresh tokens and/or expiration times for access tokens, what you see might vary, but you should see at least something populated (see below)

        If you're not seeing data populated there, it likely means there's further issues with auth, you'd have to look into the JCC logs (the logs on the JCC machine) to know for sure what the issue is there, but generally you should be able to make the connection that no errors means authorized.