Official SuiteCRM Outlook Plugin v4 has arrived - Compatible with the Outlook Web App or Outlook 2016+ connected to Office365 or Exchange Server 2016. A complete rebuild developed and maintained by SuiteCRM developers, the addon retains previous functionality while massively improving performance, reliability and stability!
#5387 - Plugin does not consider Refresh-Token and is losing authentication
In our system an Access-Token is valid for 3600 seconds (1 hour), I think this is the system default. Based on this information our observation is that we have to re-login in the Outlook Plugin every hour (we are using plugin version 4.2.1). After login we cannot find any refresh-token call in the logs:
192.168.50.254 - - [19/Jun/2024:06:53:26 +0000] "GET /Api/index.php/V8/module/Users?fields[User]=sa_outlook_is_licensed&filter[user_name][eq]=user@domain.net&page[size]=1 HTTP/1.1" 200 2285
192.168.50.254 - - [19/Jun/2024:06:55:06 +0000] "GET /public/plugins/SA_Outlook/bg_home-1.a10b0bbd1f90f3b0.png HTTP/1.1" 304 -
192.168.50.254 - - [19/Jun/2024:06:55:06 +0000] "GET /public/plugins/SA_Outlook/assets/suite-crm_logo.png HTTP/1.1" 304 -
192.168.50.254 - - [19/Jun/2024:06:55:06 +0000] "POST /Api/index.php/V8/logout HTTP/1.1" 200 98
192.168.50.254 - - [19/Jun/2024:06:55:14 +0000] "GET /Api/access_token HTTP/1.1" 405 54
192.168.50.254 - - [19/Jun/2024:06:55:34 +0000] "POST /Api/index.php/access_token HTTP/1.1" 200 1659
192.168.50.254 - - [19/Jun/2024:06:55:35 +0000] "GET /index.php?entryPoint=outlookAddinModules HTTP/1.1" 200 519
192.168.50.254 - - [19/Jun/2024:06:55:35 +0000] "GET /Api/index.php/V8/module/Users?fields[User]=sa_outlook_is_licensed&filter[user_name][eq]=user@domain.net&page[size]=1 HTTP/1.1" 200 2285
192.168.50.254 - - [19/Jun/2024:06:58:14 +0000] "POST /Api/access_token HTTP/1.1" 200 1659
-> no refresh token call in this time frame and the next action in the plugin is answered with 401 by the backend:
192.168.50.254 - - [19/Jun/2024:08:16:00 +0000] "GET /index.php?entryPoint=outlookAddinModules HTTP/1.1" 200 519
192.168.50.254 - - [19/Jun/2024:08:16:00 +0000] "GET /Api/index.php/V8/module/Users?fields[User]=sa_outlook_is_licensed&filter[user_name][eq]=user@domain.net&page[size]=1 HTTP/1.1" 401 229
192.168.50.254 - - [19/Jun/2024:08:16:01 +0000] "POST /Api/index.php/access_token HTTP/1.1" 401 118
192.168.50.254 - - [19/Jun/2024:08:16:01 +0000] "GET /Api/index.php/V8/module/Users?fields[User]=sa_outlook_is_licensed&filter[user_name][eq]=user@domain.net&page[size]=1 HTTP/1.1" 401 229
192.168.50.254 - - [19/Jun/2024:08:16:01 +0000] "POST /Api/index.php/access_token HTTP/1.1" 401 118
What is the intended behaviour of the plugin, that a re-login should be done based on the TTL of the Access-Token? Our expectation would be that the refresh-token is used and the user keeps authenticated.
6 months ago
Hi there,
The authentication issue related to refresh tokens is a known core problem in the latest releases of SuiteCRM. This issue affects versions from SuiteCRM 7.13.3 up to the latest Suite8 versions. However, we strongly advise against reverting to earlier versions of SuiteCRM due to security and bug-related concerns.
We anticipate that the Core Product Team will provide a fix and release of SuiteCRM in the near future.
Thanks, The Outlook Plugin Team
6 months ago
Can you provide some further details or a link to a ticket? If there is an issue with the Refresh-Token, the plugin should try to get a new Access-Token via Refresh-Token and there should be something in the logs, but we do not see such requests from the Plugin. If the TTL is 3600 then the plugin would need to pick a new Access-Token shortly before the token becomes invalid?
4 months ago
This issue has been resolved in SuiteCRM release 7.14.5 and 8.6.2
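
The client behaviour the thread asks about, fetching a new access token with the refresh token shortly before the 3600-second TTL runs out, sketched as an added example (not the plugin's or SuiteCRM's code). It assumes the standard OAuth2 refresh grant fields from RFC 6749 section 6; `TokenManager`, `postToken`, `client` and `skewSeconds` are hypothetical names, and `postToken` stands for whatever function POSTs the form fields to the token endpoint and resolves to the parsed JSON response.

```javascript
// Added example: proactive, single-flight OAuth2 token refresh.
// Assumption: the token endpoint answers with access_token, expires_in and
// (optionally rotated) refresh_token, as in RFC 6749.
class TokenManager {
  constructor({ postToken, client = {}, skewSeconds = 60, now = () => Date.now() }) {
    this.postToken = postToken;   // hypothetical transport, injected so it can be mocked
    this.client = client;         // client credentials as the server requires
    this.skewMs = skewSeconds * 1000;
    this.now = now;
    this.tokens = null;           // { access, refresh, expiresAt }
    this.inFlight = null;         // shared promise so concurrent callers refresh once
  }

  // Store a token response from login or refresh.
  store(resp) {
    if (!resp || !resp.access_token || !Number.isFinite(resp.expires_in)) {
      throw new Error('malformed token response');
    }
    this.tokens = {
      access: resp.access_token,
      // Keep the previous refresh token if the server did not rotate it.
      refresh: resp.refresh_token || (this.tokens && this.tokens.refresh),
      expiresAt: this.now() + resp.expires_in * 1000,
    };
  }

  // Return a usable access token, refreshing shortly before expiry.
  async getAccessToken() {
    if (!this.tokens) throw new Error('login required');
    if (this.now() < this.tokens.expiresAt - this.skewMs) return this.tokens.access;
    return this.refresh();
  }

  // One refresh request at a time; on failure drop all state so the
  // caller shows the login form instead of retrying with a dead token.
  refresh() {
    if (!this.tokens || !this.tokens.refresh) return Promise.reject(new Error('login required'));
    if (!this.inFlight) {
      this.inFlight = this.postToken({
        grant_type: 'refresh_token',
        refresh_token: this.tokens.refresh,
        ...this.client,
      }).then((resp) => { this.store(resp); return this.tokens.access; })
        .catch((err) => { this.tokens = null; throw err; })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }
}
```

A plain access log like the ones quoted above records only the request line, so a password-grant login and a refresh-grant call to the token endpoint look identical there; telling them apart needs the POST body or an application-level log.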