问题
I'm getting invalid_grant error while generating access token using refresh token
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
Response
{
"error": "invalid_grant",
"error_description":
"AADSTS50173: The provided grant has expired due to it being revoked. The user might have changed or reset their password. The grant was issued on '2018-06-13T23:20:02.9860000Z' and the TokensValidFrom date for this user is '2018-06-15T17:21:11.0000000Z'\r\nTrace ID: 4237d0b8-51fe-43c2-9b5c-ca9148175400\r\nCorrelation ID: d192091b-6277-4ef9-859a-87ba7f87491a\r\nTimestamp: 2018-06-18 07:22:59Z",
"error_codes": [50173],
"timestamp": "2018-06-18 07:22:59Z",
"trace_id": "4237d0b8-51fe-43c2-9b5c-ca9148175400",
"correlation_id": "d192091b-6277-4ef9-859a-87ba7f87491a"
}
The user was asked to change password and the password was changed. Seeing this error even after the password is changed. Will the refresh token become invalid in this case?
回答1:
Yes, refresh tokens will become invalid after a password change.
Only non-password based tokens will stay valid.
(see active directory token documentation for more information)
回答2:
If you get this error while using the azure-cli You can fix by:
az account clear
az login
That happened because after you change your password, tokens that are based own passwords will be expiry. Then you need to clear your account to login again.
More information here
来源:https://stackoverflow.com/questions/50905271/failure-to-generate-access-token-using-refresh-token-for-o365-api