Exchange Online consent validation and HTTP error 401 [Kaspersky Security for Microsoft Office 365]


Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem

The OAuth consent validation algorithm is the same for Exchange Online, OneDrive and SharePoint Online.

The initial steps of the consent validation algorithm are basically the following:

  1. A user is redirected to the Microsoft website, where the user agrees to provide necessary permissions for our Azure application.
  2. KS365 receives an OAuth callback confirming that the consent was received. However, we do not trust this callback, as it can be forged.
  3. The user is redirected to the Microsoft website to receive an access token that will be used to validate the user's authenticity.
  4. KS365 receives the callback with the access token. After that, the user is redirected to the KS365 website, where the user's session will be started.

Step-by-step guide

When the user is redirected back to our website in step 4, they can encounter an HTTP 401 error.

In theory, the user should have been authorized successfully, since all the necessary data is stored in the browser cookies. Thus, the issue must be on the user's browser side.

In such cases, we recommend trying the following:

  1. Try to add the integration with Exchange Online/SharePoint Online/OneDrive in a different browser (or even try a different host with different browser versions/settings).
  2. Check the browser settings related to cookies: make sure cookies are supported and enabled, try disabling automatic deletion of cookies if it is enabled, etc.
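
To illustrate why losing cookies between redirects ends in a 401, here is an added example (not Kaspersky's code) of a callback handler that accepts a callback only when it matches a signed state cookie set before the redirect. The state-cookie mechanism, the cookie name `oauth_state` and the endpoints are assumptions; the article only says that the callback is not trusted and that the necessary data is stored in browser cookies.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the example)
AUTHORIZE_URL = "https://idp.example/authorize"  # placeholder identity provider endpoint

def _sign(state: str) -> str:
    """HMAC the state so a cookie value cannot be minted without the server key."""
    return hmac.new(SERVER_KEY, state.encode(), hashlib.sha256).hexdigest()

def start_consent(cookies: dict) -> str:
    """Before a redirect (steps 1 and 3): set a signed state cookie, build the URL."""
    state = secrets.token_urlsafe(16)
    cookies["oauth_state"] = f"{state}.{_sign(state)}"  # hypothetical cookie name
    return f"{AUTHORIZE_URL}?{urlencode({'state': state})}"

def handle_callback(callback_url: str, cookies: dict) -> tuple[int, str]:
    """On a callback (steps 2 and 4): accept only if it matches this browser's cookie."""
    returned = parse_qs(urlparse(callback_url).query).get("state", [""])[0]
    cookie = cookies.get("oauth_state")
    if cookie is None:
        # Cookies blocked or auto-deleted between redirects: nothing to compare against.
        return 401, "state cookie missing"
    state, _, mac = cookie.partition(".")
    if not hmac.compare_digest(mac.encode(), _sign(state).encode()):
        return 401, "state cookie tampered"
    if not hmac.compare_digest(state.encode(), returned.encode()):
        return 401, "callback state does not match this browser"
    del cookies["oauth_state"]  # single use: a replayed callback fails
    return 200, "callback accepted"

def demo() -> dict:
    """Run three constructed cases: normal flow, forged callback, cookies lost."""
    results = {}
    jar = {}  # stands in for the browser's cookie store
    state = parse_qs(urlparse(start_consent(jar)).query)["state"][0]
    results["normal"] = handle_callback(f"https://app.example/cb?state={state}", jar)
    jar = {}
    start_consent(jar)
    results["forged"] = handle_callback("https://app.example/cb?state=forged-value", jar)
    jar = {}
    state = parse_qs(urlparse(start_consent(jar)).query)["state"][0]
    jar.clear()  # browser auto-deleted cookies during the redirect
    results["cookies_lost"] = handle_callback(f"https://app.example/cb?state={state}", jar)
    return results
```

In the `cookies_lost` case the callback itself is genuine, yet the server has nothing in the browser to check it against, which is the situation the browser-side steps above address.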