Add Refresh Token (delegated OAuth) authentication to the Microsoft Inbound Connector #6476
Description
Add Refresh Token (delegated OAuth) authentication to the Microsoft Inbound Connector (parity with Microsoft Teams connector)
Is your feature request related to a problem? Please describe.
The new Microsoft Inbound Connector needs to run as a long-lived integration (polling and/or subscription handling), which requires reliable, renewable access to Microsoft Graph.
Today, we only have an application-permissions (client credentials) story in some Microsoft connectors, but many enterprise tenants restrict Graph access to delegated permissions only due to the security risk of tenant-wide application permissions. In those environments, the inbound connector cannot be adopted.
We already supports a Refresh Token authentication option in the Microsoft Teams connector (including the required Tenant ID, Client ID, Secret ID inputs), so users reasonably expect the same authentication option for inbound Microsoft connectors. https://github.com/camunda/connectors/blob/main/connectors/microsoft/teams/src/main/java/io/camunda/connector/model/authentication/RefreshTokenAuthentication.java
https://github.com/camunda/connectors/blob/main/connectors/microsoft/teams/src/main/java/io/camunda/connector/model/authentication/RefreshTokenAuthentication.java
Describe the solution you'd like
Add a Refresh Token authentication option to the Microsoft Inbound Connector, aligned with the Microsoft Teams connector UX and configuration:
Additional context
- Microsoft Teams connector already supports
Bearer Token,Refresh Token, andClient credentialsauthentication types, and provides a clear precedent for how we should model refresh-token auth in connector configuration and UX. :contentReference[oaicite:2]{index=2} - For parity and consistency, the inbound connector should reuse the same naming, field semantics, and secret-handling pattern as Teams (Tenant ID, Client ID, Secret ID, Refresh token). :contentReference[oaicite:3]{index=3}