Forum Discussion

Khaled_Arafat
Copper Contributor
Nov 18, 2021
Solved

Refresh Token

Hi,

Has anybody been facing the same issue?

I have read some of the documentation but I could not find the answer that meets the problem.

I do appreciate your assistance.

Based on the information you provided we have identified the following issue and recommend taking the action to resolve the issue.

Error Code: 50173

Message: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'.

Action: Expected part of the token lifecycle - either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require re-authentication. Have the user sign-in again

Regards

4 Replies

  • End users encountering this issue should be able to force a token refresh by simply logging out of Teams and then logging back in. I was getting a similar error and resolved it that way.

  • Kevin_Morgan
    Iron Contributor

    Khaled_Arafat

    You are getting this error since your Refresh Token has expired (I am sure you already know this). By default, the lifetime for the refresh token is 90 days. The refresh token can be expired either because the password was changed for the user or because the token was revoked, either by the user or by an admin through PowerShell or the Azure AD portal.

    See the following post to know more about Refresh Token Expiration: https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#revocation

    If your token was not expired by any of the methods listed in the above post, then confirm that you have configured a Conditional Access policy and configured the Session -> Sign-in frequency control. This is another way to control the user's Refresh Token and force the user to sign in again.

    Refer to the post below to know more about Authentication session management with Conditional Access.

    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
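As an added example (not code from this thread, from Microsoft, or from the AzureAD module), here is a client-side handler for the refresh failure discussed above: it reads the token endpoint's JSON error body (the field names `error`, `error_description` and `error_codes` follow the Microsoft identity platform error format; the sample body and both timestamps in it are constructed), recognises error code 50173, and pulls out the grant issue time and the user's TokensValidFrom cut-off so the app sends the user back to interactive sign-in instead of retrying a refresh that will keep failing.

```python
import json
import re
from datetime import datetime, timezone

REVOKED_GRANT = 50173  # the error code from the thread

# Constructed sample of a token-endpoint error body for a revoked refresh
# token; both timestamps are made up for this example.
SAMPLE_RESPONSE = json.dumps({
    "error": "invalid_grant",
    "error_description": (
        "AADSTS50173: The provided grant has expired due to it being revoked, "
        "a fresh auth token is needed. The user might have changed or reset "
        "their password. The grant was issued on '2021-10-01T08:15:00.0000000Z' "
        "and the TokensValidFrom date (before which tokens are not valid) for "
        "this user is '2021-11-17T09:30:00.0000000Z'."
    ),
    "error_codes": [REVOKED_GRANT],
    "timestamp": "2021-11-18 10:00:00Z",
})

# Quoted ISO-8601 timestamps as they appear inside the error description.
_TS = re.compile(r"'(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z'")

def _to_utc(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def parse_grant_times(description):
    """Return (issued_at, tokens_valid_from) from a 50173 message, or None."""
    found = _TS.findall(description)
    if len(found) < 2:
        return None
    return _to_utc(found[0]), _to_utc(found[1])

def classify_refresh_failure(body):
    """Decide what the client should do after the token endpoint rejects a refresh.
    50173 means the refresh token was revoked (password change or user/admin
    revocation, as the thread explains): silent retries will keep failing, so
    the app must send the user through interactive sign-in again.
    """
    data = json.loads(body)
    if data.get("error") == "invalid_grant" and REVOKED_GRANT in data.get("error_codes", []):
        result = {"action": "reauthenticate", "reason": "refresh token revoked"}
        times = parse_grant_times(data.get("error_description", ""))
        if times:
            result["issued_at"], result["valid_from"] = times
            # True when the grant predates the user's TokensValidFrom cut-off.
            result["revoked_after_issue"] = times[1] > times[0]
        return result
    return {"action": "unknown", "codes": data.get("error_codes", [])}
```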

    • Khaled_Arafat
      Copper Contributor
      Kevin_Morgan
      Thank you for your answer.
      I ran this PowerShell command:
      Revoke-AzureADUserAllRefreshToken -ObjectId dsafsi4r5u6w4wt4h
      I'm waiting for user confirmation.

      Regards
