We have a long weekend here with Memorial Day, and are back on Tuesday which is the 27th.
You could also consider reaching out to the Tulip Support team or escalating to your Tulip representative to get faster attention if it’s critical for a deployment.
In the meantime, here are some troubleshooting steps. Likely you’ve probably done some or most of them, but I’m including them all just in case a detail in one of the early steps may help. Short version is yes, this may be related to expiry date – or to token refresh. I’ll start with instructions on how to set default_expires_in, and then share the more general troubleshooting steps. If resetting default_expires_in (Step 3 and detailed instructions below) doesn’t work, try Step 4 - debugging Token storage and refresh.
This is a long post but hopefully it’s helpful until the Office Hour.
Setting the default_expires_in
in Your HTTP Connector
There are two ways to configure the token expiration in your HTTP connector:
Method 1: Via the Advanced Configuration Settings
- Navigate to your HTTP connector configuration page
- Scroll down to the bottom where you’ll find the “Advanced Configuration” section (or a similar section, depending on your Tulip version)
- Look for a “Custom Configuration” or “Additional Settings” field that accepts JSON input
- Add the following JSON configuration:
{
"default_expires_in": 86400
}
(Where 86400 is the number of seconds for token expiration - 24 hours in this case – this value is what you change to make the expiry longer if needed)
Method 2: In the Authorization Settings
In newer versions of Tulip:
- Open your HTTP connector configuration
- In the Authentication section where you’ve selected “User Credentials”
- After entering your Client ID, Client Secret, and Scope
- Look for an “Advanced” or “Token Settings” option (may need to click to expand)
- There should be a field labeled “Token Expiration Time” or “Default Expires In”
- Enter the value in seconds (e.g., 86400 for 24 hours or a larger value if needed)
Important Notes:
- If you don’t see these options in your current version, you may need to update to a more recent version of Tulip that includes this feature.
- For the specific error you’re encountering with Azure authentication, setting a longer token expiration time (like 604800 seconds for 7 days) might help reduce the frequency of the “no operator token” errors.
- Make sure you add the
offline_access
scope to your OAuth configuration if you haven’t already, as this is necessary for Azure to provide refresh tokens.
- After making these changes, you’ll need to re-authenticate the connector to apply the new token expiration settings.
If you don’t see these options in your current version of Tulip, please consult Tulip Support or your administrator to check if this feature is available in your current version and how to access it.
Broader Troubleshooting Guide for the “OAuthError: no operator token” issue
Step 1: Check Your Authentication Configuration
- Verify your HTTP connector is configured with:
- Authentication type: User credentials (OAuth2)
- TLS: true (with your certificate correctly uploaded)
- Client ID and Client Secret from your Azure App Registration
- Appropriate scope (e.g., “offline_access” to get refresh tokens)
^^ please double check both OAuth2 and offline_access here
Step 2: Double check the OAuth Modes in Tulip
Tulip supports several OAuth authentication modes:
- OAuth 2 (Admin) - Tokens are stored at the connector level, managed by admins
- OAuth 2 (Operator) - Tokens are associated with individual operators
- Bearer - For static tokens
For your setup, ensure you’re using the appropriate mode based on your requirements.
^^ My guess is you are, this is just a next quick sanity check
Step 3: Address Token Expiration Issues
The intermittent nature of your issue strongly suggests token expiration problems. When you create a function:
- Set
default_expires_in
in your connector configuration:
- You can add a setting in your connector configuration to set the default token expiration time
- Recent updates to Tulip allow defining a default expiry period for API tokens for OAuth connectors
- For the “no operator token” error specifically:
- This typically happens when an operator tries to use a connector function but doesn’t have a valid token
- Ensure all operators have authenticated to the connector before using functions
- If using Operator mode, each operator needs to authenticate separately
^^ See deep dive section above for how to set this up in your connector settings
Step 4: Debug Token Storage and Refresh
The error suggests the token isn’t available when needed. To troubleshoot:
- Check if your Azure Entra app registration is correctly configured to provide refresh tokens
- Verify your connector is properly storing and refreshing tokens
- If tokens expire frequently, the refresh process might be failing
^^ For this please consult Azure Entra documentation. I’ve also included some ideas on how to do this in the next post below, but Azure Entra docs for your version are the source of truth here.
Step 5: Check Function Authentication Settings
When creating your POST API function:
- Ensure the authentication method in the function matches your connector settings
- For OAuth authentication, your function should use:
- Authorization headers automatically populated by the connector
- Ensure you’re not trying to manually include authentication headers
Additional Recommendations:
- Token Expiration Settings:
- In your Azure Entra app registration, check the token lifetime policies
- You can adjust token lifetimes in Azure to be longer if needed
- Function Configuration:
- When creating your function, ensure you’re not overriding the authentication method
- TLS Certificate:
- Since you’re uploading a certificate with a passphrase, ensure it’s in the correct format
- The certificate should be properly recognized by Tulip
If the issue persists, specific logs from when the error occurs would be helpful for further troubleshooting. In many cases like this, token synchronization between Tulip and Azure can be the root cause of intermittent issues.