Microsoft 365 Issues

Troubleshoot SSO login and Outlook email integration.

Common problems with Microsoft 365 SSO login and Outlook email integration.

SSO Login Issues

"Sign in with Microsoft" Does Nothing

  1. Check that Supabase Dashboard → Authentication → Providers → Azure is enabled
  2. Verify the Azure Client ID and Secret are correct
  3. Ensure the redirect URI https://<project-ref>.supabase.co/auth/v1/callback is registered in Azure AD

"AADSTS50011: The redirect URI does not match"

Add this exact URL to Azure AD → Authentication → Web redirect URIs:

https://eitztntfwelucezqxjmw.supabase.co/auth/v1/callback

User Created but No Workspace

  • Check /auth/callback handling — workspace creation may have failed
  • Look at Supabase Edge Function logs for errors during onboarding
  • Manually create a workspace via Settings → Workspace

Email Connection Issues

"OAuth session expired" on Callback

  • The httpOnly cookie wasn't sent by the browser
  • Check that your domain supports cookies (not localhost without HTTPS)
  • Ensure SameSite=Lax and Secure flags are set correctly

"Failed to obtain access token"

  • Client secret may be wrong or expired
  • Go to Azure Portal → Certificates & secrets and verify
  • Regenerate the secret if needed and update MICROSOFT_CLIENT_SECRET

"AADSTS700016: Application not found"

  • Wrong MICROSOFT_CLIENT_ID
  • Or the app registration was deleted
  • Verify the Client ID matches your Azure AD app

Sync Issues

Emails Not Syncing

  1. Check user_email_connections.is_active — may be deactivated after 10 errors
  2. Check user_email_connections.connection_error for details
  3. Verify NEXT_PUBLIC_APP_URL is set correctly (not localhost on production)

Token Refresh Fails

  • Refresh token may be revoked by user or admin
  • MICROSOFT_CLIENT_SECRET may have expired
  • User needs to reconnect their account

Webhook Issues

Webhooks Not Receiving Notifications

  1. Verify https://workestra.app/api/webhooks/outlook is publicly accessible
  2. Check subscription hasn't expired (3-day max TTL for Microsoft)
  3. Verify user_email_connections.webhook_subscription_id is set
  4. Check MICROSOFT_WEBHOOK_SECRET environment variable is configured

Your organization requires admin approval. Options:

  1. Ask your IT admin to approve Workestra in Azure AD
  2. If you're an admin, use the Admin Consent flow:
    • Navigate to /api/auth/outlook/admin-consent
    • Sign in as an Azure AD Global Admin or Application Admin
    • Approve for the entire organization

Environment Variables Checklist

| Variable | Purpose | Common Mistake |
| --- | --- | --- |
| MICROSOFT_CLIENT_ID | Azure app ID | Using Secret ID instead of Application ID |
| MICROSOFT_CLIENT_SECRET | App secret | Using Secret ID instead of Value |
| MICROSOFT_REDIRECT_URI | Callback URL | Trailing slash mismatch |
| TOKEN_ENCRYPTION_KEY | AES key | Not exactly 64 hex characters |
| MICROSOFT_WEBHOOK_SECRET | Webhook validation | Missing or mismatched |
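
A pre-deploy check for the common mistakes in the checklist above, as an added example that is not Workestra's own code. The function name `checkMicrosoftEnv`, the `registeredUris` argument (the redirect URIs you registered in Azure AD) and all sample values are assumptions constructed for illustration.

```javascript
// Added example, not Workestra code: checkMicrosoftEnv and registeredUris are
// hypothetical names; every value below is constructed for illustration.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const stripSlash = (u) => u.replace(/\/+$/, "");

function checkMicrosoftEnv(env, registeredUris = []) {
  const problems = [];
  // Report the variable name and the reason only; never echo a secret's value.
  const fail = (name, reason) => problems.push(`${name}: ${reason}`);

  if (!GUID.test(env.MICROSOFT_CLIENT_ID || ""))
    fail("MICROSOFT_CLIENT_ID", "not a GUID; copy the Application (client) ID");

  const secret = env.MICROSOFT_CLIENT_SECRET || "";
  if (!secret) fail("MICROSOFT_CLIENT_SECRET", "missing");
  else if (GUID.test(secret.trim()))
    fail("MICROSOFT_CLIENT_SECRET", "GUID-shaped, so likely the Secret ID; use the Value");

  const uri = env.MICROSOFT_REDIRECT_URI || "";
  if (!uri) fail("MICROSOFT_REDIRECT_URI", "missing");
  else if (registeredUris.length && !registeredUris.includes(uri)) {
    // The checklist names trailing-slash mismatch as the usual cause; flag it by name.
    const slashOnly = registeredUris.some((r) => stripSlash(r) === stripSlash(uri));
    fail("MICROSOFT_REDIRECT_URI",
      slashOnly ? "trailing slash mismatch with the registered URI" : "not in the registered URIs");
  }

  // 64 hex characters encode a 32-byte key.
  if (!/^[0-9a-f]{64}$/i.test(env.TOKEN_ENCRYPTION_KEY || ""))
    fail("TOKEN_ENCRYPTION_KEY", "must be exactly 64 hex characters");

  if (!(env.MICROSOFT_WEBHOOK_SECRET || "").trim())
    fail("MICROSOFT_WEBHOOK_SECRET", "missing");
  return problems;
}

// Constructed sample: four of the five checklist mistakes at once.
const REGISTERED = ["https://app.example.test/oauth/callback"];
const BAD_ENV = {
  MICROSOFT_CLIENT_ID: "11111111-2222-3333-4444-555555555555",
  MICROSOFT_CLIENT_SECRET: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", // a Secret ID
  MICROSOFT_REDIRECT_URI: "https://app.example.test/oauth/callback/",
  TOKEN_ENCRYPTION_KEY: "ab".repeat(16), // 32 hex characters, too short
};
console.log(checkMicrosoftEnv(BAD_ENV, REGISTERED).join("\n"));
```

A Secret ID and an Application ID are both GUIDs, so the check cannot tell them apart for `MICROSOFT_CLIENT_ID`; confirm that value against the app registration's overview page.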