cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Invalid S2S auth token error for API requests

Hagar_Z
Copper Contributor

‎Aug 29 2023 01:54 AM

‎Aug 29 2023 01:54 AM

Invalid S2S auth token error for API requests

Hi,
We are using Microsoft Graph API periodically to fetch information like directory audits and incidents.
Every hour or so the request returns the following error with status code 403:

Invalid S2S auth token: 
miseHost.HandleAsync did not succeed or AuthenticationTicket is null: 
MISE12034: 
AuthenticationTicketProvider Name:AuthenticationTicketProvider, 
GetVersion:1.8.0.0. ,    
at Microsoft.Identity.ServiceEssentials.MiseHost`1.<AuthenticateRequestAsync>d__39.MoveNext()\r\n--- 
End of stack trace from previous location where exception was thrown ---\r\n   
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n   
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n   
at Microsoft.Identity.ServiceEssentials.MiseHost`1.<HandleAsync>d__38.MoveNext()

 
When we retry the request again, it returns without an issue.

 

Appreciate your support,
Hagar

516 Views
0 Likes
3 Replies
Reply
3 Replies
LainRobertson

‎Aug 29 2023 06:08 AM

‎Aug 29 2023 06:08 AM

Re: Invalid S2S auth token error for API requests

@Hagar_Z 

 

This is expected behaviour as tokens are only short-lived by default, as described in the following articles:

 

 

You can have a read of the following which describe how to configure token lifetimes in various scenarios:

 

 

Of course, just because you can extend a token lifetime (be that organisation-wide or per app) doesn't mean you should. You have to do your own risk/benefit analysis on that topic.

 

Cheers,

Lain

0 Likes
Reply
Hagar_Z

‎Aug 29 2023 06:40 AM

‎Aug 29 2023 06:40 AM

Re: Invalid S2S auth token error for API requests

@LainRobertson 
Thanks Lain,

When making a request with an expired Access Token, the MS Graph API returns a 401 status code with the message: Access token has expired or is not yet valid.
In the case I have described, the response returns a 403 status code with the message Invalid S2S auth token plus something that looks like an internal error.

Thanks,

Hagar

 

0 Likes
Reply
LainRobertson

‎Aug 29 2023 07:30 AM

‎Aug 29 2023 07:30 AM

Re: Invalid S2S auth token error for API requests

@Hagar_Z 

 

Sorry, Hagar - you're quite correct. I focused on the recurrent interval and didn't pay attention to the HTTP code.

 

It does feel though like the HTTP 403 is the symptom rather than indicative of the cause, given the retry is successful. It's almost like the async ticket refresh is successful under the hood, but whatever made the call wasn't happy about waiting for it to successfully complete.

 

But that's pure speculation since I've never before seen the modules from that exception stack. It's more just a gut feeling.

 

I'm afraid I'm no help on this one.

 

Cheers,

Lain

0 Likes
Reply