SAP PI Mail Adapter with Oauth 2.0 to Microsoft Office 365 fails during authentication

Guedes, Bruno 20 Reputation points
2025-01-15T15:03:08.2633333+00:00

Hi,

I hope someone can help.

Our SAP mail adapter connects to URL imaps://outlook.office365.com:993/. We are using OAUTH and have the tenant ID and client secret generated along with the Azure AD configuration.

The SAP PI mail adapter fails

The OAuth user account has full access to the mailbox with the following error:

The real runtime error is: 

Exception caught during processing mail message; java.io.IOException: unexpected login response; read 001F NO LOGIN failed

through the SAP debug tool we also found this message:

Response-Code : {"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid. Trace ID: a7495e7a-30b4-4d24-a04f-d30b027cab00 Correlation ID: 672e9e65-7d0e-474b-b6e5-d27652ad553e Timestamp: 2025-01-15 10:51:12Z","error_codes":[9002313],"timestamp":"2025-01-15 10:51:12Z","trace_id":"a7495e7a-30b4-4d24-a04f-d30b027cab00","correlation_id":"672e9e65-7d0e-474b-b6e5-d27652ad553e","error_uri":"https://login.microsoftonline.com/error?code=9002313"

 

Exception caught during processing mail message; java.io.IOException: Refresh Token configured in Communication Channel has been expired... Please generate new Refresh token using standard URL..

 

Can you please assist?

Thanks in advance.

Microsoft Entra
{count} votes

Accepted answer
  1. Raja Pothuraju 13,525 Reputation points Microsoft Vendor
    2025-01-27T11:38:19.32+00:00

    Hello @Guedes, Bruno,

    Thank you for connecting offline to discuss regarding this issue.

    As we discussed during the call, we have determined that the issue occurs because the application is not sending a subsequent request to the token endpoint to obtain an access token for API authorization using the OAuth 2.0 Authorization Code Grant Flow.

    Based on the network trace logs, we confirmed that your application is sending a GET request to the authorization endpoint to retrieve a code in response to your redirect URI. However, after receiving the code, it is not being exchanged for an access token by sending a POST request to the token endpoint, including the code and client_ID parameters in the request.

    For more details on the Authorization Code Flow, please refer to the following documentation: OAuth 2.0 Authorization Code Flow

    Diagram shows OAuth authorization code flow. Native app and Web A P I interact by using tokens as described in this article.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.