The OAuth token in the App Manager is used for authentication and is valid for only 90 days.
The token needs to be refreshed only once, from a single App Manager, for all sites/App Managers that use the same Active Directory App (Graph App).
Confirming Graph App Scope with App Manager
To determine if your App Manager is using the same Graph App, on the site collection, navigate to App Manager > Management App > Site Creator.
- Set “site selector” = Digital Workplace Core Site
- Set “Select an Action” = Update Configuration
"Enable Azure AD" should be checked if you are using a Graph App.
If the Client ID is the same on multiple sites, then you have more than one site using the same Graph App. Follow the steps below only once per Graph App, that is, once for each unique Client ID.
Refreshing the App Manager OAuth Token
You can access the "Acquire Forms OAuth Token" button by opening App Manager, clicking the User Icon at the top right of the screen, and then clicking Settings in the drop-down menu.
- Have all users sign out of App Manager.
  - This step is key to forcing all users' browsers to get the updated token.
  - It is recommended that you send a maintenance notice to all users, requesting them to sign out before you click on the OAuth Token button, and then send a follow-up to all users when the action is completed.
- After all users have logged out of App Manager, click on the "Acquire Forms OAuth Token" button.
- All users must log back in so that they can acquire the new token.
Future Maintenance
It is recommended that you create an event for one Site Administrator to click on the "Acquire Forms OAuth Token" button 85 days from the last date it was updated. It's critical this is only done by one user.
Note: If 2 users click on the OAuth token button, the token will be reacquired by the last one to click. Do not randomly click this button, as it changes the token each time it is clicked.
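The following planning helper is an added example, not part of the product or the original page. It applies the rules above to a site inventory: one refresh per unique Client ID, a reminder at 85 days, and expiry at 90 days. The site URLs, Client IDs and dates are constructed sample values, and treating day 90 itself as expired is an assumption.

```python
from collections import defaultdict
from datetime import date, timedelta

TOKEN_LIFETIME_DAYS = 90   # from the page: token is good for 90 days
REMINDER_DAYS = 85         # from the page: refresh 85 days after the last update

# Constructed sample inventory: (site URL, Client ID, date the button was last clicked)
SITES = [
    ("https://contoso.example/sites/hr",    "11111111-aaaa-4bbb-8ccc-000000000001", date(2024, 1, 10)),
    ("https://contoso.example/sites/sales", "11111111-aaaa-4bbb-8ccc-000000000001", date(2024, 2, 1)),
    ("https://contoso.example/sites/it",    "22222222-aaaa-4bbb-8ccc-000000000002", date(2024, 1, 5)),
]

def refresh_plan(sites, today):
    """Return one plan entry per Graph App (Client ID), soonest expiry first."""
    by_app = defaultdict(list)
    for url, client_id, refreshed in sites:
        # Normalise so the same Client ID copied with different case still matches.
        by_app[client_id.strip().lower()].append((url, refreshed))

    plan = []
    for client_id, entries in by_app.items():
        # Each click replaces the token, so the most recent click defines its age.
        last = max(refreshed for _, refreshed in entries)
        due = last + timedelta(days=REMINDER_DAYS)
        expires = last + timedelta(days=TOKEN_LIFETIME_DAYS)
        if today >= expires:       # assumption: day 90 counts as expired
            status = "EXPIRED"
        elif today >= due:
            status = "DUE"
        else:
            status = "OK"
        plan.append({
            "client_id": client_id,
            "refresh_from": min(url for url, _ in entries),  # one App Manager only
            "covered_sites": sorted(url for url, _ in entries),
            "due": due, "expires": expires, "status": status,
        })
    return sorted(plan, key=lambda p: p["expires"])

if __name__ == "__main__":
    for p in refresh_plan(SITES, today=date(2024, 4, 2)):
        print(p["status"], p["client_id"], "refresh from", p["refresh_from"],
              "| due", p["due"], "| expires", p["expires"])
```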
Restricting Access to Refresh OAuth Token
You could create a super user account on your site, allowing only 1 specific user to see the button. To do so, you'll need to set the user's email address in the interchange.settings.config file on your server.
<add key="akumina:BackgroundUser" value="OAuth:Background~siteadmin@email.com" />
** Replace "siteadmin@email.com" with the user's email address