RogerSelwyn / O365-HomeAssistant

Office 365 integration for Home Assistant
MIT License

oauthlib.oauth2.rfc6749.errors.TokenExpiredError: (token_expired) #247

Closed jtsvba closed 1 week ago

jtsvba commented 1 week ago

Since yesterday, I am unable to use any of the O365 sensors or actions. Upon rebooting and installing the latest version of both HA (2024.9.1) and O365, I am struggling to set up the integration again. Home Assistant provides the following log:

Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/O365/connection.py", line 785, in _internal_request
    response = request_obj.request(method, url, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/requests_oauthlib/oauth2_session.py", line 528, in request
    url, headers, data = self._client.add_token(
                         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 217, in add_token
    raise TokenExpiredError()
oauthlib.oauth2.rfc6749.errors.TokenExpiredError: (token_expired)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/setup.py", line 416, in _async_setup_component
    result = await task
             ^^^^^^^^^^
  File "/config/custom_components/o365/__init__.py", line 52, in async_setup
    await _async_setup_account(hass, account, conf_type)
  File "/config/custom_components/o365/__init__.py", line 79, in _async_setup_account
    check_token = await _async_check_token(hass, account, account_name)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/o365/__init__.py", line 117, in _async_check_token
    await hass.async_add_executor_job(account.get_current_user)
  File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/O365/account.py", line 132, in get_current_user
    return directory.get_current_user()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/O365/directory.py", line 328, in get_current_user
    return self._get_user(url, query=query)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/O365/directory.py", line 302, in _get_user
    response = self.con.get(url, params=params)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/O365/connection.py", line 898, in get
    return self.oauth_request(url, 'get', params=params, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/O365/connection.py", line 887, in oauth_request
    return self._internal_request(self.session, url, method, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/O365/connection.py", line 802, in _internal_request
    if self.refresh_token() is False:
       ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/O365/connection.py", line 699, in refresh_token
    self.session.refresh_token(
  File "/usr/local/lib/python3.12/site-packages/requests_oauthlib/oauth2_session.py", line 496, in refresh_token
    self.token = self._client.parse_request_body_response(r.text, scope=self.scope)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 427, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 441, in parse_token_response
    validate_token_parameters(params)
  File "/usr/local/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 448, in validate_token_parameters
    raise_from_error(params.get('error'), params)
  File "/usr/local/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 399, in raise_from_error
    raise cls(**kwargs)
oauthlib.oauth2.rfc6749.errors.InvalidGrantError: (invalid_grant) AADSTS700003: Device object was not found in the tenant 'ed966fb3-1815-4036-9702-cee2b789de96' directory. Trace ID: e8e17d4c-625d-4ce2-bbdb-fa75c479ca00 Correlation ID: 06afa540-4a01-4a2b-9b66-8a347d952257 Timestamp: 2024-09-10 07:43:09Z

RogerSelwyn commented 1 week ago

This looks like some problem you have within your AD. I suspect you will need to talk to your system administrator as to whether new policies have been implemented.

To ensure everything is clean at the O365 integration end, I would delete the Azure app (being aware that for personal accounts you may not be able to create a new app - in which case don't delete the app, just make sure the permissions are correct), delete the token from your setup and then resetup following the instructions carefully.

jtsvba commented 1 week ago

@RogerSelwyn thanks for your quick response! Appreciate it. Guess I didn't try everything, because I had to delete the stored token file, then restart and got it back working again. I was afraid the admins indeed changed something in AD, since we've had some security updates lately.

tldr; issue solved!
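
The resolution in this thread, as an added example (not code from the O365 integration or from python-o365): when a token refresh is answered with `invalid_grant`, retrying with the same cached token does not help, so the cached token file is discarded and a fresh sign-in is required, while other failures leave the file alone. The function names, the token file path and the sample response body are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

AADSTS_RE = re.compile(r"AADSTS(\d+)")

# Constructed sample of a token-endpoint error body (RFC 6749 section 5.2 shape),
# modelled on the message in the traceback; the tenant id is a placeholder.
SAMPLE_BODY = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS700003: Device object was not found in the "
                         "tenant '<tenant-id>' directory.",
})


def classify_refresh_failure(body: str) -> dict:
    """Decide what a failed refresh means for the cached token."""
    try:
        params = json.loads(body)
    except json.JSONDecodeError:
        params = None
    if not isinstance(params, dict):
        # Not an OAuth error document (proxy page, outage): keep the token.
        return {"error": None, "aadsts": None, "action": "retry_later"}
    error = params.get("error")
    match = AADSTS_RE.search(str(params.get("error_description", "")))
    # invalid_grant: the refresh token was rejected, so retrying with the same
    # cached token cannot help; other errors are left for a human to inspect.
    action = "discard_token_and_reauth" if error == "invalid_grant" else "investigate"
    return {"error": error, "aadsts": match.group(1) if match else None, "action": action}


def handle_refresh_failure(body: str, token_path: Path) -> dict:
    """Remove the cached token file only when re-authentication is required."""
    verdict = classify_refresh_failure(body)
    if verdict["action"] == "discard_token_and_reauth":
        token_path.unlink(missing_ok=True)
    return verdict


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        token = Path(tmp) / "example-token.json"  # hypothetical cache file
        token.write_text("{}")
        print(handle_refresh_failure(SAMPLE_BODY, token), token.exists())
```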