Canon Community

Hi Mark,

I don't know if I've found the solution, but I think I know one or two things that might work.

1. As you pointed out, refresh tokens are valid for 90 days, and as far as I could see, those aren't configurable.  However, I found a post on the Microsoft forums saying "... you can configure the sign-in frequency in Conditional Access to define the time periods before a user is required to sign in again." This seems to suggest a possible work-around. What I did:
   1. Go to entra.microsoft.com then Identity > Applications > Enterprise Applications
   2. Find & click "Application for Sending E-mail..." then click "Conditional Access" in the sidebar
   3. "New policy" at the top > click "0 controls" under Session > Type a name (ex: extended-login)
   4. Check Sign-in frequency > type a number and choose Days in the drop-down > click Select
   5. Click On at the bottom for "Enable policy" and then click Create
   6. In theory, now you'll just need to authenticate the printers once a year
       
2. One of the first things I looked at was to compare OAuth Enterprise App configuration for the printers vs another app I have for OAuth for my Service Desk to send emails. When you find the printer app in sub-step 2 above, right under Conditional Access is Permissions - when you go there, there aren't any permissions listed. However, my Service Desk's KB article advised me to add the following permissions for the app. 
   However, this also has a "companion" app on portal.azure.com where I had to create a certificate that I then copied details from into the Service Desk config.  I set this cert to have a 2-year expiration.  I don't think Canon's config has anything that we can add these details to, so I'm not sure how viable this idea is, and I wasn't keen in adding permissions without verifying that they're necessary. Anyway, the permissions from the other app are shown in the table below if you want to play with them.  If I find anything else, I may update this again.

We have this exact same issue on our Canon  iR-ADV C357 printers. The OAuth2.0 randomly expires. It will say "token error". The "user code" always seems to be stuck until I got into the basic settings of the printer and then go back. It happens on different printers and different address locations. To fix the token error I have to go into the printer ----> Microsoft Oauth2.0 ---> click on "Edit..." (to edit Basic settings) ----> don't change anything and click "OK" (to bring back to Oauth2.0 Microsoft main page) --->  I click "refresh icon" and then the "user code" will change ----> Then I have to reauthorize the token and activate it

I've contacted our support rep and they said the printer's firmware is up to date and nothing much they can do. Kind of at a loss with this issue.