We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

Problem getting document content via WebApi when using Office365 integration using System User

Hi, I've got a fairly narrow and specific issue, but perhaps someone has some relevant input.

We've got a customer in Online which uses the Office 365 integration to store their documents in Sharepoint instead of SO_ARC.

Now we want to allow an exernal system to use the new WebApi to download the documents. In the WebApi there is a URL, /api/v1/Document/999/Content, which can be used to get a Base64 version of the file. When we make a call to the WebApi using the Ticket of a normal user we are able to get the document as intended.

But, since the external system must be able to get a document without a user involved we need to be able to call the webservice using a System User. Using the GitHub project "SuperOffice.DevNet.Online.SystemUser.NetCore.Console" we've been able to generate a System User Ticket.

Using Postman I can use that System User Ticket to retrieve a document from a SuperOffice Online database which uses the standard SO_ARC setup like this:

However, if I do the exact same against the customer that uses the Office365 integration I get this error instead:

The error says: "Cannot acquire valid access-token without a valid refresh-token."

I've reported it to bug@superoffice.com, but perhaps someone in the community has experienced something similar...?

RE: Problem getting document content via WebApi when using Office365 integration using System User

Here is another approach to experiencing the samme error message.

In Service I've made this CRMScript:

#setLanguageLevel 3;

NSDocumentAgent docAgent;
NSStream stream = docAgent.GetDocumentStream(74);
Byte[] bytes = stream.GetStream();
log(encodeBase64(bytes, false));

When I execute the script manually by clicking the Execute button I get valid base64 back.

But If I set up a scheduled task to run the same script (so that it is run in another context than my logged in user) I get similar error:

Av: Frode Lillerud 5. sep 2019

RE: Problem getting document content via WebApi when using Office365 integration using System User

In this scenario, the best approach to take does not use a system user.

In the same way you obtain a system user token - by performing an interactive login to authenticate a user (using OpenID Connect) that returns an id_token, access_token and refresh token, instead of inspecting the id_token claims to get the system user token, store the refresh_token instead, and use that instead for non-interactive Bearer requests. 

This is touched on at the beginning of the Non-Interactive REST Access article.

It is also discussed and demonstrated in the SuperOffice Online OpenID Connect article. See the Authorization Code Flow section.

This is demonstrated in the following examples:

NodeJS/Express (obtain and use)

.NET MVC (obtain)

.NET Core (obtain)

Hope this helps!

Av: Tony Yates 6. sep 2019

RE: Problem getting document content via WebApi when using Office365 integration using System User

Thanks, I'll give that approach a go, and see if I can get it working.

Av: Frode Lillerud 7. sep 2019

RE: Problem getting document content via WebApi when using Office365 integration using System User

To conclude this post:

I worked with Frode on this yesterday. It seems Microsoft uses sliding expiration on their tokens. When not used for a period of time they will expire. Then the MS Office365 user will need to signout/signin again to refresh their token in order for the process to continue. This is the only way we were able to get it working for Frode yesterday.

I do not believe there is anything SuperOffice can do to change this behavior. Perhaps, under these circumstances, your application needs to prompt the MS Office365 user to signin again.

Hope this helps.

Av: Tony Yates 11. jun 2020