Skip to main content

Notifications

Copilot Studio - General
Suggested answer

Access Token Management

(1) ShareShare
ReportReport
Posted on by 4
I've set up a Copilot Studio bot with manual authentication so we can use tokens to access resources from our custom APIs. I've used the following documentation to set this up: Configure user authentication with Microsoft Entra ID and Configure single sign-on with Microsoft Entra ID for copilots in Microsoft Teams.
 
I have two questions:
  1.  How can I generate a new token during testing? Currently, the same token is returned until it expires, which is after one hour. Obviously, this isn't sustainable in testing scenarios. I've tried restarting the conversation, signing out of Copilot Studio, and clearing the browser's cache. Is there any way to do this? 
     
  2.  Is it possible to set up the bot to generate different tokens in order to access more than one resource? I've set up the app registration with API permissions from different custom APIs we've developed, but in Copilot Studio, how do we get a different token per resource? You can't set up the scopes section of the Authentication settings with scopes from different resources. When using the Microsoft Bot Framework and an Azure Bot resource, you can set up multiple OAuth connection settings, each one pointing to a different resource. Is there an equivalent method available with Copilot Studio? 
Thanks,
Doug
Categories:
  • Vinoth Selvam Profile Picture
    Vinoth Selvam 1,278 on at
    Access Token Management
     Hi jdmacdaddy,
     
    Sure Thanks, Your solution will be helpful for for others too.
     
    Thanks.
  • jdmacdaddy Profile Picture
    jdmacdaddy 4 on at
    Access Token Management
    Thanks Vinoth for your reply! I tried opening Copilot Studio in an incognito session as you suggested, but that didn't generate a new token. Maybe the token information is stored on the server side and a new one won't be issued until it is expired. 
     
    That's a good suggestion on creating a middleware function; I was thinking something similarly. We are in the process of setting up a call with Microsoft on Copilot Studio, so I'll post more here once we've discussed the matter with them. 
  • Suggested answer
    Vinoth Selvam Profile Picture
    Vinoth Selvam 1,278 on at
    Access Token Management
     
    Unfortunately, Copilot Studio doesn’t currently offer a native way to manually force token refreshes during testing. Opening Copilot Studio in an incognito or private window often forces re-authentication.
     
    Create a middleware function in your API that dynamically requests the necessary resource-specific token based on the requested endpoint/resource.
     
    Thanks.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Microsoft Kickstarter Events…

Register for Microsoft Kickstarter Events…

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 145,304

#2
RandyHayes Profile Picture

RandyHayes 76,287

#3
Pstork1 Profile Picture

Pstork1 64,703

Leaderboard