Question

Nintex Cloud Xtensions with SPO fail to Add a connection

  • 27 November 2023
  • 6 replies
  • 74 views

Badge +1

Good morning,

I’m a newcomer in NWC and Azure. Recently I found an example in Nintex Xtension gallery: https://gallery.nintex.com/t/sharepoint-online-additional-web-actions

I followed the steps in article to create this Xtension and asked my Azure admin to grant permission of SharePoint Online API Permission in Azure. However, the error said when I clicked add a connection in NWC that “The authorization server encountered an unexpected condition that prevented it from fulfilling the request.”

I’ve managed to change my security objects or even the authentication of redirect URI. In Configure platforms if I chose from Web to SPA(single-page application), the error said “the Proof Key for Code Exchange is required for cross-origin authorization code redemption.”

Did anyone have any idea? Thank you!

 


6 replies

Userlevel 3
Badge +7

Hi @Rosy.Lee,

 

I know this might be a silly question, but thought I would ask before trying to figure out what else might be causing this issue, but was the Swagger definition updated before you uploaded it to NAC? Specifically this step below:

 

“Note: Before uploading the JSON file for this Xtension, the security scopes for each of the methods along with the authorization and Token URLs must be updated. In the file use a replace function to replace all instances of {TenantName} with your O365 Tenant Name, e.g. {TenantName}.onmicrosoft.com becomes Contoso.onmicrosoft.com

 

I just wanted to make sure that all the instances within that file where {TenantName} appears, you have replaced it with your tenant name, as well as the authorisation and token URL updates.

 

Kind Regards,

Mark.

Badge +1

Hi @Rosy.Lee,

 

I know this might be a silly question, but thought I would ask before trying to figure out what else might be causing this issue, but was the Swagger definition updated before you uploaded it to NAC? Specifically this step below:

 

“Note: Before uploading the JSON file for this Xtension, the security scopes for each of the methods along with the authorization and Token URLs must be updated. In the file use a replace function to replace all instances of {TenantName} with your O365 Tenant Name, e.g. {TenantName}.onmicrosoft.com becomes Contoso.onmicrosoft.com

 

I just wanted to make sure that all the instances within that file where {TenantName} appears, you have replaced it with your tenant name, as well as the authorisation and token URL updates.

 

Kind Regards,

Mark.

Hi @MarkduToit sir,

Yes, I did replace {TenantName} before uploading the json file. The other page I got when connecting is as below, and I just changed the authentication in Azure app from Web to SPA: 

 Have you ever seen this message before? Thank you!

Userlevel 3
Badge +7

Hi @Rosy.Lee,

 

I haven’t, but will loop in my colleague @Jake as he has a wealth of experience on SharePoint and may be able to assist. @Jake, do you think this has something to do with the way the permissions were set up for the connection?

 

Kind Regards,

Mark.

Userlevel 5
Badge +11

Hi @Rosy.Lee 

What region is your Nintex tenant located?

If it is not west US then the instructions might be incorrect as the URI would be different.

https://us.nintex.io/connection/api/Token

might be https://eu.nintex.io/connection/api/Token
or https://uk.nintex.io/connection/api/Token
or https://au.nintex.io/connection/api/Token
or https://ca.nintex.io/connection/api/Token

Badge +1

Hi @Rosy.Lee 

What region is your Nintex tenant located?

If it is not west US then the instructions might be incorrect as the URI would be different.

https://us.nintex.io/connection/api/Token

might be https://eu.nintex.io/connection/api/Token
or https://uk.nintex.io/connection/api/Token
or https://au.nintex.io/connection/api/Token
or https://ca.nintex.io/connection/api/Token

Hi @Jake,

I found that the region of my tenant is West US in Nintex Settings page. Do you have any idea about the connection? I followed the instructions and selected Generic OAuth2 as the security option of this Xtensions.

Looking forward to your reply.

Thank you!

Userlevel 5
Badge +11

Hi @Rosy.Lee 

 

I have taken a look into this and it appears that the error indicates it is expecting a challenge code which is strange.

I ran through the instructions in the gallery, adding it to a new tenant (I am EU based so your URLs will be US):
 

Created an azure application for the connection (please use web for the URI):

Grant delegated permissions for Sharepoint and user  

Generated a secret for later, keep this safe.  

 

seems the instructions are not the best, it forgot to mention we need to set the tenancy name after changing the xtension file replacing {tenency} with the prefix for my tenant ntxte01 it no longer errors:

 

On this screen:


We take the client ID from the application (I always forget to remember that this is not the secret ID)

 

The secret is the value from the secret screen shown earlier.

I was able to add it:
 

 

Lets create the connection:
 

 

If you manage to follow these steps and still experience the same errors it is likely there are potentially security featured relating to PKCE requirement specific to your tenant that it might be best to take up with the wider global admin team.

 

Jake 

Reply