Forum Discussion

Khaled_Arafat's avatar
Khaled_Arafat
Copper Contributor
Nov 18, 2021
Solved

Refresh Token

Hi , Does anybody been facing the same issue? I have read some of the documentation but I could not find the answer that meets the problem.    I do appreciate your assistance. Based on the inform...
Refresh
  • Kevin_Morgan's avatar
    Kevin_Morgan
    Nov 19, 2021

    Khaled_Arafat 

     

    You are getting this error since your Refresh Token has been expired (I am sure, you already know this). By default, the lifetime for the refresh token is 90 days. The refresh token can be expired due to either if the password changed for the user or the token has been revoked either by user or admin through PowerShell or Azure AD portal.

     

    See https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#revocation post to know more about Refresh Token Expiration : https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#revocation 

     

    If your token not expired by anyone of the listed method in the above post, then confirm that you have configured Conditional Access policy and configured the Session -> Sign-in frequency control. This is an another way to control user Refresh Token and force user to sign-in again.

     

    Refer the below post to know more about Authentication session management with Conditional Access.

     

    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

Kevin_Morgan's avatar
Kevin_Morgan
Iron Contributor
Nov 19, 2021

Khaled_Arafat 

 

You are getting this error since your Refresh Token has been expired (I am sure, you already know this). By default, the lifetime for the refresh token is 90 days. The refresh token can be expired due to either if the password changed for the user or the token has been revoked either by user or admin through PowerShell or Azure AD portal.

 

See https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#revocation post to know more about Refresh Token Expiration : https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#revocation 

 

If your token not expired by anyone of the listed method in the above post, then confirm that you have configured Conditional Access policy and configured the Session -> Sign-in frequency control. This is an another way to control user Refresh Token and force user to sign-in again.

 

Refer the below post to know more about Authentication session management with Conditional Access.

 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

  • Khaled_Arafat's avatar
    Khaled_Arafat
    Copper Contributor
    Nov 19, 2021
    Kevin_Morgan
    Thank you for your answer
    I ran this Powershell command
    Revoke-AzureADUserAllRefreshToken -ObjectId dsafsi4r5u6w4wt4h
    I'm waiting for user confirmation.

    Regards


    Regards
    • Khaled_Arafat's avatar
      Khaled_Arafat
      Copper Contributor
      Nov 22, 2021
      Hi Kevin_Morgan
      It worked thank you for your assistance.
      My user is now able to log in.

      Regards

Resources