Hey everyone,
I'm running into this annoying and process-breaking OAuth issue that's driving me up the wall. I'm using the iPaaS solution Make.com to create a custom connection to an AD app. In Make.com, I've created some integration scenarios that utilize this connection to execute tasks like creating leads, reading accounts and contacts, and sending that to other systems, etc. This connection works fine, except every 10 minutes or so (which coincides with a typical OAuth refresh cycle if I'm not mistaken), my scenarios will bug out because the nodes that interact with the AD app start throwing 401 errors.
When I go into the connection and manually reauthorize it, I get the following error:
{ "message": "The request failed due to failure of a previous request.", "code": "SC424", "suberrors": [ { "message": "AADSTS500011: The resource principal named https://xxxxxxx.crm4.dynamics.com/.default,https://xxxxxx.crm4.dynamics.com was not found in the tenant named xxxxxx. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 080be014-db46-4dc6-b6b7-444640130b00 Correlation ID: 42b3cd7b-0049-44ab-9c9c-c60b36f96ecd Timestamp: 2024-04-12 07:11:25Z", "name": "Error" } ]}
The resource principal corresponds to the Scope value that I enter when configuring the connection (see screenshot below). But that full string that includes the URL twice is not supposed to be there. Somehow my OAuth process has decided to append the base URL to the Scope definition again whenever it tries to reauthorize. And obviously, that throws an error because there's no such scope in the AD App. I can fix it by manually editing the connection, and without changing anything in the window below, saving it. That somehow resets it, but obviously I don't want to do that every 10 minutes.
I've reached out to Make.com for support, but they're not super helpful. I'm trying to determine whether this is caused by Make or by the AD app, but I don't know a lot about Dynamics (or OAuth for that matter, only the basics). Does anyone know if this might be caused by something in the AD configuration?
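A diagnostic for the duplicated scope described in the post above, added here as an example and not part of the original post or of Make.com's code: it pulls the resource principal out of an AADSTS500011 message and compares it with the scope entered in the connection. The function names, the host `example.crm4.dynamics.com` and the tenant `example-tenant` are assumptions used as placeholders.

```python
import re

# Constructed sample modelled on the error in the post; host and tenant are placeholders.
SAMPLE_ERROR = (
    "AADSTS500011: The resource principal named "
    "https://example.crm4.dynamics.com/.default,https://example.crm4.dynamics.com "
    "was not found in the tenant named example-tenant. This can happen if ..."
)

_PRINCIPAL_RE = re.compile(
    r"AADSTS500011: The resource principal named (?P<resource>\S+) "
    r"was not found in the tenant named (?P<tenant>\S+?)\.(?:\s|$)"
)


def extract_resource_principal(error_text):
    """Return (resource, tenant) from an AADSTS500011 message, or None."""
    m = _PRINCIPAL_RE.search(error_text)
    return (m.group("resource"), m.group("tenant")) if m else None


def diagnose_scope(configured_scope, reported_resource):
    """Compare the scope entered in the connection with what the error reports."""
    findings = []
    # RFC 6749 section 3.3: scope is a space-delimited list, so a comma is
    # not a separator and a comma-joined value is handled as a single token.
    parts = [p for p in re.split(r"[,\s]+", reported_resource) if p]
    if "," in reported_resource:
        findings.append("comma-joined value: %d items sent as one token" % len(parts))
    extra = [p for p in parts if p != configured_scope]
    if configured_scope in parts and extra:
        findings.append("configured scope present, plus appended: " + ", ".join(extra))
    elif configured_scope not in parts:
        findings.append("configured scope missing from the reported value")
    # Hypothetical check for the pattern in the post: the extra item is the
    # configured scope with its last path segment (".default") removed.
    base = configured_scope.rsplit("/", 1)[0]
    if base in extra:
        findings.append("appended item is the scope's own base URL")
    return findings


if __name__ == "__main__":
    resource, tenant = extract_resource_principal(SAMPLE_ERROR)
    for line in diagnose_scope("https://example.crm4.dynamics.com/.default", resource):
        print(line)
```

Running it against the error captured at each failed refresh shows whether the value sent still matches the configured scope or has been rewritten before the request reaches the token endpoint.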