Hi Onno,

In this case, you can try with the scheduled action to refresh the token. Set up a scheduled action or cron job to run the token renewal logic at regular intervals. This ensures that access credentials are automatically renewed before they expire, minimizing the need for manual maintenance. You have to use the Microsoft Graph API, specifically the OAuth 2.0 token endpoint (https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token), to renew the access token using the refresh token. You'll need to send a POST request to this endpoint with the refresh token and other required parameters to obtain a new access token.

Hope this helps.

concerning Office365 and OAuth2 work flow: when Odoo alread has a refresh-token, getting (= refreshing) the access-token is described here

https//learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow@refresh-the-access-token

Now, the Odoo Microsoft Outlook Module (for outgoing mail servers) misses in its implementation, that refreshing the Access-token via the oauth2/v2.0/token Endpoint also delivers an updated refresh-token (have a look at the Microsoft Identity Platform Learn link above).

So in fact, Odoo always uses the same Refresh-Token in the Microsoft Outlook Module, once we got this Token via the "Connect your Outlook Account" on the Outgoing Mailserver Settings Page. In EntraID (Azure) this token has a default lifespan of 3 months, and it can be set to maximum of 12 months.

Thats why the problem with "The refresh token has expired due to inactivity" occurs when using the Microsoft Outlook Module in Odoo.

When inspecting the correspondig code in Odoo e.g. for V14 in odoo/addons/microsoft_outlook/models/microsoft_outlook_mixin.py:_generate_outlook_oauth2_string(), we have there:

(

self.microsoft_outlook_access_token,

self.microsoft_outlook_access_token_expiration,

) = self._fetch_outlook_access_token(self.microsoft_outlook_refresh_token)

And in _fetch_outlook_access_token():

response = self._fetch_outlook_token('refresh_token', refresh_token=refresh_token)

return (

response['access_token'],

int(time.time()) + response['expires_in'],

)

But the response from _fetch_outlook_token() above returns back also an updated refresh_token in the response: response['refresh_token'].

So all we need to do is to overwrrite _fetch_outlook_access_token() with:

response = self._fetch_outlook_token('refresh_token', refresh_token=refresh_token)

return (

response['access_token'],

response['refresh_token'],

int(time.time()) + response['expires_in'],

)

and _generate_outlook_oauth2_string() with:

(

self.microsoft_outlook_access_token,

self.microsoft_outlook_refresh_token,

self.microsoft_outlook_access_token_expiration,

) = self._fetch_outlook_access_token(self.microsoft_outlook_refresh_token)

This updates the refresh-token every time when trying to send an email and the access-token of the outgoing mail server has expired. Now if you want to update the refresh-token independently of sending emails, you would need to create a cron job on the ir.mail.server model with an action like this one:

@api.model

def _update_refresh_token(self):

server = self.search([('use_microsoft_outlook_service', '!=', False)]) or False

server = server[0] if server else False

if server and server.microsoft_outlook_refresh_token:

(

server.microsoft_outlook_access_token,

server.microsoft_outlook_refresh_token,

server.microsoft_outlook_access_token_expiration,

) = server._fetch_outlook_access_token(server.microsoft_outlook_refresh_token)

_logger.info(

'Microsoft Outlook, Outgoing Mailserver '%s': OAuth Refresh-Token Updated via Cron-Job',

(server.name))

return True

In the Python Code of the Cron Job for the model "ir.mail.server" you would then write:

model.._update_refresh_token()

By the way: above overwrites of _fetch_outlook_access_token() and _generate_outlook_oauth2_string() automatically updates the refresh-token also for incoming_imap mail servers when fetching email. Fetching email is already done regurarly by a cron job in Odoo.