Microsoft
invalid_grant — Invalid grant
The authorization code or refresh token is invalid, expired, or already redeemed.
Riposte solution
Azure AD reported the grant (auth code or refresh token) is invalid or expired. This can happen if a refresh token is revoked or expired, or if an auth code was already used. To recover, start a new OAuth authorization for the user. Use /auth/sessions to get a fresh auth session and have the user authenticate again, obtaining new tokens.
Quick facts
- Provider: Microsoft
- Endpoint / surface: Azure AD OAuth 2.0
- Status code: 400
Why it happens
- Expired code
- Refresh token revoked
- Wrong tenant
How to fix it
- Get new code
- Re-auth user
- Ensure token redeemed in correct tenant
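A client-side handler for this error, as an added example that is not Riposte's or Microsoft's code: it parses the token endpoint's 400 response, maps the AADSTS sub-code in error_codes to the causes listed above, and drops the rejected grant instead of retrying it. The token store, the action names and the sample responses are constructed for illustration; the three AADSTS codes are taken from Microsoft's public error-code reference.

```python
import json

# AADSTS sub-codes (Microsoft's public error-code reference) mapped to the
# causes this page lists. Anything else under invalid_grant is "unknown".
CAUSES = {
    70008: "expired_or_revoked_grant",
    54005: "auth_code_already_redeemed",
    700005: "code_issued_for_other_tenant",
}

def classify_token_error(status, body):
    """Return (action, cause) for a token endpoint response body."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        doc = None
    if status != 400 or not isinstance(doc, dict) or doc.get("error") != "invalid_grant":
        return ("other_error", None)  # not this page's error; handle elsewhere
    codes = doc.get("error_codes")
    if not isinstance(codes, list):
        codes = []
    cause = next((CAUSES[c] for c in codes if isinstance(c, int) and c in CAUSES), "unknown")
    if cause == "code_issued_for_other_tenant":
        return ("fix_tenant_then_reauthorize", cause)
    return ("reauthorize", cause)

def handle_refresh_failure(store, user_id, status, body):
    """Drop the dead grant and report the next step. `store` is a hypothetical
    dict of user_id -> refresh token; a rejected grant is never retried."""
    action, cause = classify_token_error(status, body)
    if action != "other_error":
        store.pop(user_id, None)  # do not keep or log the rejected token
    return {"user": user_id, "action": action, "cause": cause}

# Constructed sample responses (descriptions are placeholders, not captured traffic).
EXPIRED = json.dumps({"error": "invalid_grant",
                      "error_description": "AADSTS70008: (constructed sample)",
                      "error_codes": [70008]})
WRONG_TENANT = json.dumps({"error": "invalid_grant",
                           "error_description": "AADSTS700005: (constructed sample)",
                           "error_codes": [700005]})

if __name__ == "__main__":
    tokens = {"alice": "rt-constructed-1", "bob": "rt-constructed-2"}
    print(handle_refresh_failure(tokens, "alice", 400, EXPIRED))
    print(handle_refresh_failure(tokens, "bob", 400, WRONG_TENANT))
    print(tokens)  # both rejected grants have been removed
```

A "reauthorize" result is the point at which the caller would request a fresh auth session via /auth/sessions and send the user through sign-in again.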