cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Refresh Token

Khaled_Arafat
Copper Contributor

‎Nov 18 2021 07:07 AM - last edited on ‎Nov 09 2023 11:08 AM by

‎Nov 18 2021 07:07 AM - last edited on ‎Nov 09 2023 11:08 AM by

Refresh Token

Hi ,

Does anybody been facing the same issue?

I have read some of the documentation but I could not find the answer that meets the problem.   

I do appreciate your assistance.

Based on the information you provided we have identified the following issue and recommend taking the action to resolve the issue.

Error Code: 50173

Message: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'.

Action: Expected part of the token lifecycle - either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require re-authentication. Have the user sign-in again

 

 

Regards 

Labels:
47.4K Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Khaled_Arafat (Copper Contributor)
Kevin Morgan

‎Nov 19 2021 01:26 AM - edited ‎Nov 19 2021 03:45 AM

‎Nov 19 2021 01:26 AM - edited ‎Nov 19 2021 03:45 AM

Solution

Re: Refresh Token

@Khaled_Arafat 

 

You are getting this error since your Refresh Token has been expired (I am sure, you already know this). By default, the lifetime for the refresh token is 90 days. The refresh token can be expired due to either if the password changed for the user or the token has been revoked either by user or admin through PowerShell or Azure AD portal.

 

See this post to know more about Refresh Token Expiration : Refresh Token Revocation 

 

If your token not expired by anyone of the listed method in the above post, then confirm that you have configured Conditional Access policy and configured the Session -> Sign-in frequency control. This is an another way to control user Refresh Token and force user to sign-in again.

 

Refer the below post to know more about Authentication session management with Conditional Access.

 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-...

0 Likes
Reply
Khaled_Arafat

‎Nov 19 2021 05:02 AM

‎Nov 19 2021 05:02 AM

Re: Refresh Token

@Kevin Morgan
Thank you for your answer
I ran this Powershell command
Revoke-AzureADUserAllRefreshToken -ObjectId dsafsi4r5u6w4wt4h
I'm waiting for user confirmation.

Regards


Regards
1 Like
Reply
Khaled_Arafat

‎Nov 22 2021 12:56 AM

‎Nov 22 2021 12:56 AM

Re: Refresh Token

Hi @Kevin Morgan
It worked thank you for your assistance.
My user is now able to log in.

Regards
1 Like
Reply
Brendan Weitzman

‎Apr 05 2023 11:19 AM

‎Apr 05 2023 11:19 AM

Re: Refresh Token

End users encountering this issue should be able to force a token refresh by simply logging out of Teams and then logging back in. I was getting a similar error and resolved it that way.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Khaled_Arafat (Copper Contributor)
Kevin Morgan

‎Nov 19 2021 01:26 AM - edited ‎Nov 19 2021 03:45 AM

‎Nov 19 2021 01:26 AM - edited ‎Nov 19 2021 03:45 AM

Solution

Re: Refresh Token

@Khaled_Arafat 

 

You are getting this error since your Refresh Token has been expired (I am sure, you already know this). By default, the lifetime for the refresh token is 90 days. The refresh token can be expired due to either if the password changed for the user or the token has been revoked either by user or admin through PowerShell or Azure AD portal.

 

See this post to know more about Refresh Token Expiration : Refresh Token Revocation 

 

If your token not expired by anyone of the listed method in the above post, then confirm that you have configured Conditional Access policy and configured the Session -> Sign-in frequency control. This is an another way to control user Refresh Token and force user to sign-in again.

 

Refer the below post to know more about Authentication session management with Conditional Access.

 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-...

View solution in original post

0 Likes
Reply