Configuring MS Graph import source to use oAuth server
Issue
When configuring an MS Graph import source in TotalAgility (KTA), we choose an oAuth server.
However, if the oAuth server has not been authenticated with the same user that we are configuring the MS Graph import source for, we get the error:
“The specified object was not found in the store., The process failed to get the correct properties.”
Cause
OAuth 2.0 Authorization Code Grant is user specific.
If a KTA oAuth server is configured for UserA with Authorization Code grant, then this KTA oAuth server can be used inside an Import Connector only with UserA.
This behavior is by design under the OAuth 2.0 standard. When you create a KTA oAuth server using the Authorization Code grant for UserA, the oAuth token that the Azure AD server generates and returns to KTA is valid only for UserA.
You cannot use this token (inside a KTA Import connector) with any user other than UserA.
Solution
If you want a general KTA oAuth server that can be used with any user inside Import Connectors, consider using the Client Credentials grant.
Note that the API permissions inside Azure Portal are different for the Authorization Code grant and the Client Credentials grant; ask your Azure tenant admin to configure them accordingly. Check the permissions in the Administrator's Guide, section "Permissions for OAuth".
The scope when using Client Credentials is: https://graph.microsoft.com/.default
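The following diagnostic is an added example, not part of KTA or of the original article: it decodes an access token's claims to tell a user-bound token (Authorization Code grant, `scp` claim) from an app-only token (Client Credentials grant, `roles` claim) and applies the rule described under Cause. It assumes you can obtain the token for inspection; the sample tokens, mailbox names, and permission values are constructed, and the helper names are hypothetical.

```python
import base64
import json

def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def token_claims(jwt: str) -> dict:
    """Return payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return _b64url_json(parts[1])

def usable_for_mailbox(jwt: str, mailbox: str):
    """Apply the article's rule: a delegated token works only for its own user."""
    claims = token_claims(jwt)
    if "scp" in claims:  # delegated token (Authorization Code grant)
        user = claims.get("upn") or claims.get("preferred_username") or ""
        if user.lower() == mailbox.lower():
            return True, "delegated token issued for " + user
        return False, "delegated token issued for %s, not %s" % (user or "unknown", mailbox)
    if "roles" in claims:  # app-only token (Client Credentials grant)
        return True, "app-only token; access governed by application permissions"
    return False, "token carries neither scp nor roles"

def _make_sample(payload: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(d):
        raw = json.dumps(d).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(payload) + ".sig"

# Constructed sample tokens (not real Azure AD output); the permissions KTA
# actually needs are listed in the Administrator's Guide.
DELEGATED = _make_sample({"upn": "usera@example.com", "scp": "Mail.ReadWrite"})
APP_ONLY = _make_sample({"appid": "00000000-0000-0000-0000-000000000000",
                         "roles": ["Mail.ReadWrite"]})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        for box in ("usera@example.com", "userb@example.com"):
            print(name, box, usable_for_mailbox(tok, box))
```

A delegated token whose user differs from the import source's mailbox is the situation that produces the error quoted under Issue.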
Level of Complexity
Moderate
Applies to
Product | Version | Build | Environment | Hardware |
---|---|---|---|---|
TotalAgility | v7.9 + | | | |