I have an application that connects to a customers CSP account via CPV to collect billing data on their customers and subscriptions. On or around June 25th, our customers have stopped receiving cost information. Looking a little deeper into the job that collects this billing data, it's been timing out after an hour. There are customers that have billing data that takes less than an hour to complete, however, it seems to timeout regardless. The application implemented CPV authentication in January 2019, when Microsoft first announced it. There hasn't been any changes on the application side. We've requested that customers reconsent, and they've stated that they have, however we continue to fail to collect billing data and we get the following error:
"One or more errors occurred when authenticating. Error: Unauthorized access"
Any thoughts/suggestions/ideas as to why we're receiving this timeout or error would be appreciated.
@cdaignault this is happening because an access token is only valid for a hour. Which means if you have a long running process that makes multiple request to any API (e.g. Partner Center, Azure Resource Manager, Microsoft Graph, etc.) there is a chance the token will expire resulting in this error. My recommendation would be to impelement the appropriate logic to determine if the access you are using, to make requests, is about to expire. If it is then request a new one before continuing to make requests.
You may not have experinced this issue in the past because you might have been using ADAL which handles the refreshing of the access tokens for you. I will see if we can put together some additional guidance regarding long running operations.
If you are using Java Sdk for calling partner center api there is workaround for this.
while creating IPartnerCredentials you can paas a login handler that will be used if token gets invalidate.
IAadLoginHandler loginHandler = new SecureLoginHandler(properties, tokenProvider); IPartnerCredentials credentials = PartnerCredentials.getInstance().generateByUserCredentials( properties.getProperty(PropertyName.PARTNER_CENTER_CLIENT_ID), loginHandler.authenticate(), loginHandler);
tha last parameter (loginHandler) in generateByUserCredentials() method call above is used to generate the token again if its expired. Here is the java doc attached.
@idwilliams Hope I am assuming it right?Please correct me if I am wrong.
@akumar you are absolutely correct that you can use a custom login handler with the Java SDK to address this issue. However, that option is not available with the current version of the .NET SDK which means that logic needs to be handled by the developer. Once I get an opportunity I will put together some documentation that covers this exact scenario for .NET, Java, and PowerShell.
Hello @cdaignault ,
Sorry to hear about this!
Has this issue been solved meanwhile ?
It is likely to be related to the new Security Requirements Implementation announced by Microsoft.
Click here to read the announcement.
Also please review these active Forums. MFA
As CPV you are a targeted audience.
To help safeguard partners and customers, Microsoft is introducing a set of mandatory security requirements for partners participating in the Cloud Solution Provider (CSP) program, Control Panel Vendors, and Advisor partners.
Hope this helps,