Symptoms

While trying to add users to a process, get data about the user, etc we are getting the following error:

OAuth token requires authorization.

This error is flooding our Host Server logs. We are seeing this on PROD and DEV.

Some entries from our Host Server logs:

"51361974","2015-12-09 11:16:23","Error","IdentityService","64005","ResolvingException","MessageBusRuntime","64005 Failed to resolve 'AAD Service account': OAuth token requires authorization..","anonymous","0.0.0.0","Server:d:program files (x86)k2 blackpearlhost serverBin","51361974","d076b7b9929249d29b8177e1a3ce5dc4",""

"51362050","2015-12-09 11:17:04","Error","IdentityService","64005","ResolvingException","IdentityService.ProviderCacheIdentity:RoleProvider.GetUser","64005 Failed to resolve AAD aaccount': OAuth token requires authorization..","anonymous","0.0.0.0","Server:d:program files (x86)k2 blackpearlhost serverBin","51362050","edfe821e83bd48d6ad9a4aca47e31e50",""

 

Diagnoses

The issue was caused by Admin Token is expire. By default the Admin Token is expired in 90 days. Please see the following:
The Admin Token is expired in 90 days by default. Please see:
http://help.k2.com/onlinehelp/K2Appit/UserGuide/current/Content/Management_and_Administration/Admin_Token_Refresh.htm

 

Resolution

Customer was able to resolve the issue after perform the following steps:
1. Run SmartObject Service Tester on K2 App Server
2. Go to SmartObject Explorer > Azure Active Directory > tSite Name] > Users > Get
3. Try to enter user account that you tried to set permission
4. A popup will appear saying to try again after logging in
5. A new IE window will appear for you to login to Office365
6. Use the Global Admin account to login
7. A page will appear prompting you to allow K2 to access Office365
8. Once accepted, the next page will show Authorization Successful

You can set up Expiring Token Email Notification to refresh the Admin Token. Please see:
http://help.k2.com/onlinehelp/K2Appit/UserGuide/current/Content/Use_Troubleshooting.htm_tracksearch=OAuth