Azure Datafactory - OAuth2 Access token type not supported

Question

Azure Datafactory - OAuth2 Access token type not supported

Gaylord Dusautoir 1

Hello,
We are working on a cloud data source integration for the ingestion. We are using OAuth2 authentication mechanism.
When we test the connectivity we receive this error message
Error Code: "OAuth2AccessTokenTypeNotSupported"
Details: The toke type 'bearer' from your authorization server is not supported, supported type: 'Bearer'

But RFC6749 does mention the Access token type registry as being case insensitive.

Is there anyone who already face that issue and found a workaround ?

Thanks

KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2022-12-09T01:33:33.637+00:00

Hello @Gaylord Dusautoir ,

Thanks for the question and using MS Q&A platform.

I just verified it and as per RFC 6750 section#6.1.1 (OAuth 2.0 Bearer Token Usage) the token type name should be Bearer, as you mentioned I agree that RFC 6749 statement is a bit confusing.
But as per the test it should be Bearer (And seems it is expecting case sensitive name).

Even the example in RFC 6749 says Bearer .

Please retry passing token type name as Bearer instead of bearer to overcome this issue.

Hope this info helps.

----------

Please do consider clicking on "Accept Answer" and "Upvote" on the post that helps you, as it can be beneficial to other community members.
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2022-12-12T01:58:18.587+00:00

Hello @Gaylord Dusautoir ,

Just checking in to see if the above information was helpful. And, if you have any further query do let us know.
Gaylord Dusautoir 1 Reputation point

2022-12-12T12:40:37.973+00:00

Hello, it's not helpful as it does not reflect entirely the RFC content. What you quoted are examples. On your second screenshot it's indicated the "bearer" token type in lower case. We are talking about RFC here, so if it's indicated insensitive it's not a typo. Could you please escalate this issue to the product team and do the appropriate investigation with IETF ?
Thank you for your support
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2022-12-12T18:20:38.41+00:00

Thank you for your reply @Gaylord Dusautoir ! I have already escalated this issue to respective product owners and awaiting response. Will keep you posted as soon as I have update from them.

Thank you
Rory Tarnow-Mordi 1 Reputation point

2022-12-15T02:52:33.933+00:00

This is an issue we're having as well, and if we're quoting the RFCs then the original reference seems to be the correct one, Kranthi's just gives examples. Look specifically at this section of RFC6749: https://www.rfc-editor.org/rfc/rfc6749#section-5.1 :

token_type
REQUIRED. The type of the token issued as described in
Section 7.1. Value is case insensitive.

Emphasis mine
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2023-01-09T17:19:53.493+00:00

Hello @Gaylord Dusautoir , @Rory Tarnow-Mordi ,

Following up to see if you have got a chance to try the workaround provided? Please let me know if that helps to unblock you.
Regarding the bug, product is working on fixing it. The tentative ETA is end of January (Note: Please note this is a tentative date) . I will keep you posted as soon as the fix is rolled out.

Thank you

1 answer

Your answer

KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2022-12-09T01:33:33.637+00:00

Hello @Gaylord Dusautoir ,

Thanks for the question and using MS Q&A platform.

I just verified it and as per RFC 6750 section#6.1.1 (OAuth 2.0 Bearer Token Usage) the token type name should be Bearer, as you mentioned I agree that RFC 6749 statement is a bit confusing.
But as per the test it should be Bearer (And seems it is expecting case sensitive name).

Even the example in RFC 6749 says Bearer .

Please retry passing token type name as Bearer instead of bearer to overcome this issue.

Hope this info helps.

----------

Please do consider clicking on "Accept Answer" and "Upvote" on the post that helps you, as it can be beneficial to other community members.
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2022-12-12T01:58:18.587+00:00

Hello @Gaylord Dusautoir ,

Just checking in to see if the above information was helpful. And, if you have any further query do let us know.
Gaylord Dusautoir 1 Reputation point

2022-12-12T12:40:37.973+00:00

Hello, it's not helpful as it does not reflect entirely the RFC content. What you quoted are examples. On your second screenshot it's indicated the "bearer" token type in lower case. We are talking about RFC here, so if it's indicated insensitive it's not a typo. Could you please escalate this issue to the product team and do the appropriate investigation with IETF ?
Thank you for your support
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2022-12-12T18:20:38.41+00:00

Thank you for your reply @Gaylord Dusautoir ! I have already escalated this issue to respective product owners and awaiting response. Will keep you posted as soon as I have update from them.

Thank you
Rory Tarnow-Mordi 1 Reputation point

2022-12-15T02:52:33.933+00:00

This is an issue we're having as well, and if we're quoting the RFCs then the original reference seems to be the correct one, Kranthi's just gives examples. Look specifically at this section of RFC6749: https://www.rfc-editor.org/rfc/rfc6749#section-5.1 :

token_type
REQUIRED. The type of the token issued as described in
Section 7.1. Value is case insensitive.

Emphasis mine
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2023-01-09T17:19:53.493+00:00

Hello @Gaylord Dusautoir , @Rory Tarnow-Mordi ,

Following up to see if you have got a chance to try the workaround provided? Please let me know if that helps to unblock you.
Regarding the bug, product is working on fixing it. The tentative ETA is end of January (Note: Please note this is a tentative date) . I will keep you posted as soon as the fix is rolled out.

Thank you

Answer 1

Hello @Gaylord Dusautoir , @Rory Tarnow-Mordi ,

After further analysis, this seems to be a bug in REST connector where it is expecting a case sensitive Bearer and when the authorization server returns lower bearer it is throwing an exception as the case sensitive validation fails. But when looked at the RFC6749 documentation the bearer token value is case insensitive. We have escalated this to respective product team to further evaluate and fix at the earliest possible. We do not have an ETA at this point but will keep you posted when we hear back from product team about the ETA.

Workaorund: Until the issue is resolved from product team, as a workaround it is recommended to use Web activity (to get access token) + Copy activity (using access token to connect target source like 'Bearer + token')' instead of rest connector.

Video: A similar requirement has been discussed in this video tutorial as well: Working with Token based REST API in Azure Data Factory

Hope this info helps. Do let us know how it goes.

Thank you

Share via

Azure Datafactory - OAuth2 Access token type not supported

1 answer

Your answer