Nylas Microsoft Provider, 45001 error code

Question and Answers
1

Hello.

An issue has occurred when connecting using Microsoft Provider.

Error - 45001 - Provider refused to return refresh_token using code.

URL after redirect to our website:

https://WEBSITE?error=provider_code_request_failed&error_code=45001&error_description=Provider refused to return refresh_token using code&state=…

All our scopes on both Nylas and Azure sides match. The only change we made was adding a new scope OnlineMeetings.ReadWrite(it was working correctly before this)

Do you have any ideas what specifically might be wrong? And what steps can we take?

2

Error 45001 (Provider refused to return refresh_token) means Microsoft is rejecting our request for the permanent refresh token due to a synchronization failure.

Next steps:

  1. Verify Client Credentials: In the Azure portal, ensure the Application (client) ID, the Client Secret Value, and the Redirect URI are entered exactly in Nylas for the correct region.

  2. Verify Scopes & Consent: Ensure all required scopes (including OnlineMeetings.ReadWrite) are present in Azure, and Admin consent has been granted for all permissions.

  3. Mandatory Refresh: Since every request is unique and the OAuth code is a one-time credential, you must restart the entire OAuth process (re-authenticate the user) after any Azure configuration change.

Reference: Creating an Azure app

1 Like
3

Please let us know the request ID if you’re still facing this issue, and we can investigate further into the root cause.

4

Request Id - 3982707269-89c168e1-8153-44d0-8244-89a8d515fc94

Thank you so much

6

Hello,

We are seeing the following error from the provider:
"AADSTS7000215: Invalid client secret provided”

Ensure the secret being sent in the request is the client secret value, not the client secret ID. Documentation

Many thanks,
Samuel R.
Support Engineer, Nylas

7

Hello,

Thank you for sending the request. This log confirms we are dealing with two separate fixes that the administrator must implement before the user can successfully re-authenticate.

1. Invalid Client Secret (Error Code: 7000215)

  • In the Azure portal, the administrator must go to Certificates & secrets for the application.
  • The administrator must copy the Value field of the secret (which is only visible immediately after creation, not the Secret ID).
  • If the original value was not saved, they must generate a new secret and update the Nylas connector with that correct Client Secret Value.

2. Permissions Failure (Error 45001)

The refresh token is being refused due to a permissions failure triggered by the new scope.

  • The Microsoft Admin must explicitly grant tenant-wide Admin Consent in Azure for the new OnlineMeetings.ReadWrite scope.
  • Verify that the offline_access scope is included in your OAuth request, as it is required by Microsoft to issue the refresh token.

3. After all checks and updates are complete, the user must restart the OAuth process to finalize the new permissions and issue a valid refresh token.

Please reach out to support@nylas.com if you continue to see any issues.