OAuth 2.0 Microsoft - Token error randomly

rmarkwald
Apprentice

All,

In preparation for SMTP AUTH getting turned off next year, I have set up the OAuth 2.0 (Microsoft) setting in the four Canon MFPs we currently have.  One machine, a Canon iR-ADV 529, will scan to email fine for about one week, then stops.  Remoting in shows a "token error", so we have to disable and enable the OAuth 2.0 function again, re-authenticate using the User Code, and it works...for about a week.  The other three machines do not do this and work without issue.

I know refresh tokens are valid for 90 days.  Does the MFP communicate with Office 365 before the 90-day mark to get a new token automatically, or will this require us to remote in to do these every 90 days?

Reaching out to our service vendor, they state "Not much else out there other than to redo it when it happens. I'm beginning to think it isn't a reliable service, but we have no control over it. Scan to Folder is the other option you can do."...I'm working with the remote site to further troubleshoot, but outside of this one MFP, I am starting to think something on-site could be an issue.

3 REPLIES

Danny
Moderator

Thanks for joining the conversation, rmarkwald!

While our forum community members are welcome to chime in, Canon does not provide direct support for imageRUNNER series products. Instead, your dealer will be able to help you! If you don't have a dealer and you're in the United States, please call us at 1-800-OK-CANON (1-800-652-2666) and we will be happy to provide you with the names of dealers in your area.

If you're outside the USA, visit http://global.canon and choose your country or region from the map for local support.

We hope this helps!

bugmenotcanon
Apprentice

Hi Mark,

I don't know if I've found the solution, but I think I know one or two things that might work.

  1. As you pointed out, refresh tokens are valid for 90 days, and as far as I could see, those aren't configurable.  However, I found a post on the Microsoft forums saying "... you can configure the sign-in frequency in Conditional Access to define the time periods before a user is required to sign in again." This seems to suggest a possible work-around. What I did:
    1. Go to entra.microsoft.com then Identity > Applications > Enterprise Applications
    2. Find & click "Application for Sending E-mail..." then click "Conditional Access" in the sidebar
    3. "New policy" at the top > click "0 controls" under Session > Type a name (ex: extended-login)
    4. Check Sign-in frequency > type a number and choose Days in the drop-down > click Select
    5. Click On at the bottom for "Enable policy" and then click Create
    6. In theory, now you'll just need to authenticate the printers once a year

  2. One of the first things I looked at was to compare the OAuth Enterprise App configuration for the printers vs another app I have for OAuth for my Service Desk to send emails. When you find the printer app in sub-step 2 above, right under Conditional Access is Permissions - when you go there, there aren't any permissions listed. However, my Service Desk's KB article advised me to add the following permissions for the app.
     However, this also has a "companion" app on portal.azure.com where I had to create a certificate that I then copied details from into the Service Desk config.  I set this cert to have a 2-year expiration.  I don't think Canon's config has anything that we can add these details to, so I'm not sure how viable this idea is, and I wasn't keen on adding permissions without verifying that they're necessary. Anyway, the permissions from the other app are shown in the table below if you want to play with them.  If I find anything else, I may update this again.

API name        | Claim value           | Permission                                           | Type      | Granted through | Granted by
Microsoft Graph | offline_access        | Maintain access to data you have given it access to  | Delegated | Admin consent   | An administrator
Microsoft Graph | User.Read             | Sign in and read user profile                        | Delegated | Admin consent   | An administrator
Microsoft Graph | IMAP.AccessAsUser.All | Read and write access to mailboxes via IMAP.         | Delegated | Admin consent   | An administrator
Microsoft Graph | POP.AccessAsUser.All  | Read and write access to mailboxes via POP.          | Delegated | Admin consent   | An administrator
Microsoft Graph | SMTP.Send             | Send emails from mailboxes using SMTP AUTH.          | Delegated | Admin consent   | An administrator
Microsoft Graph | Mail.ReadWrite        | Read and write access to user mail                   | Delegated | Admin consent   | An administrator
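
Before changing Conditional Access or permissions, it helps to know whether the misbehaving MFP is actually refreshing its token and what error it gets when it stops. The following is an added example, not code from this thread or from Canon: it takes sign-in records in the shape Microsoft Graph returns for the enterprise app (a constructed sample here, with the app name taken from the post above) and reports, per client IP, the last successful token issuance, the first failure after it and how long the device has been silent. The error code 700082 in the sample is the Entra "refresh token has expired due to inactivity" error.

```python
from collections import defaultdict
from datetime import datetime, timezone

APP_NAME = "Application for Sending E-mail"  # app name as shown in Entra

# Constructed sample in the shape of Microsoft Graph signIn objects (not real
# log data). Two devices refresh regularly; 203.0.113.40 last succeeded on
# 2024-03-02 and then hit AADSTS700082 (refresh token expired due to inactivity).
SAMPLE_SIGNINS = [
    {"appDisplayName": APP_NAME, "ipAddress": "203.0.113.10",
     "createdDateTime": "2024-03-08T08:00:00Z", "status": {"errorCode": 0}},
    {"appDisplayName": APP_NAME, "ipAddress": "203.0.113.20",
     "createdDateTime": "2024-03-08T08:05:00Z", "status": {"errorCode": 0}},
    {"appDisplayName": APP_NAME, "ipAddress": "203.0.113.40",
     "createdDateTime": "2024-03-02T07:30:00Z", "status": {"errorCode": 0}},
    {"appDisplayName": APP_NAME, "ipAddress": "203.0.113.40",
     "createdDateTime": "2024-03-09T07:30:00Z", "status": {"errorCode": 700082}},
    {"appDisplayName": "Some Other App", "ipAddress": "203.0.113.40",
     "createdDateTime": "2024-03-09T09:00:00Z", "status": {"errorCode": 0}},
]
NOW = datetime(2024, 3, 10, tzinfo=timezone.utc)  # reference time for the sample

def _ts(s):
    # Graph timestamps are ISO 8601 with a trailing Z
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def summarize_token_activity(records, app_name, now):
    """Per client IP: last successful sign-in for app_name, the first failure
    after it (with its error code) and days since the last success."""
    by_ip = defaultdict(list)
    for r in records:
        if r.get("appDisplayName") == app_name:
            by_ip[r["ipAddress"]].append(r)
    summary = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: _ts(r["createdDateTime"]))
        ok = [r for r in rows if r["status"]["errorCode"] == 0]
        last_ok = _ts(ok[-1]["createdDateTime"]) if ok else None
        failed = [r for r in rows if r["status"]["errorCode"] != 0
                  and (last_ok is None or _ts(r["createdDateTime"]) > last_ok)]
        summary[ip] = {
            "last_success": last_ok,
            "days_silent": (now - last_ok).days if last_ok else None,
            "first_failure_after": _ts(failed[0]["createdDateTime"]) if failed else None,
            "error_code": failed[0]["status"]["errorCode"] if failed else None,
        }
    return summary

def devices_needing_reauth(summary, max_silent_days=30):
    """IPs that failed after their last success, never succeeded, or have not
    obtained a token for longer than max_silent_days."""
    return sorted(ip for ip, s in summary.items()
                  if s["error_code"] is not None or s["last_success"] is None
                  or s["days_silent"] > max_silent_days)
```

Against real data, the records would come from the Graph `/auditLogs/signIns` endpoint filtered on the app; a device that shows no successful entries for weeks before its failure is not refreshing at all, which points at the device or its network rather than at the 90-day refresh-token lifetime.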

Thank you for this information!  I do appreciate it!