Share via

Sign-in error code 50173

Tom Flanagan 21 Reputation points
2023-07-31T20:21:32.8333333+00:00

Failure reason

The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'.

Additional Details

Expected part of the token lifecycle - either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require re-authentication. Have the user sign-in again.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Tom Flanagan 21 Reputation points
    2023-08-01T12:58:48.9566667+00:00

    Thank you for the reply.

    Unfortunately, none of these resolutions apply or work.

    There is no conditional access policy applied.

    User has reset their password 3 time now.

    Account has been active since its creation.

    Grant has never been revoked by Admin or User.

    I've tried everything I can. Still no results.

    Sign-in error code

    50173

    Failure reason

    The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'.

    Additional Details

    Expected part of the token lifecycle - either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require re-authentication. Have the user sign-in again.

    1 person found this answer helpful.
    0 comments
  2. Harpreet Singh Matharoo 8,396 Reputation points Microsoft Employee Moderator
    2023-08-01T09:06:11.3866667+00:00

    Hello @Tom Flanagan ,

    The error message indicates that the provided grant has expired due to it being revoked, and a fresh auth token is needed. This error message is highlighted in our Azure AD Authentication and authorization error codes documentation.

    User's image

    There might be couple of possible scenarios in this case.

    1. This error is due to refresh token expiry either if the password changed for the user or the token has been revoked either by user or admin through PowerShell or Azure portal.
    2. There might be chance that Conditional Access policy has been configured to control user
      Refresh token and force user to sign-in again.
    3. Another possibility which is highly unlikely is Refresh token expired due to inactivity for more than 90 days.

    To resolve this issue, you can follow the below steps:

    Ask the user to sign in again to get a fresh auth token. This will help to resolve the issue in most cases.

    1. Check if the user has changed or reset their password. If yes, then the user needs to use updated the password in Azure Active Directory (Azure AD) to get a new auth token.
    2. Check if the grant has been revoked by an admin or a user. If yes, then the user needs to request a new grant from the admin or the user who revoked the grant.
    3. You can also check the Azure AD sign-in logs to get more information about the issue. The sign-in logs provide detailed information about the sign-in events, including the status, error codes, failure reasons and if any Conditional Access Policy is being applied. You can use this information to troubleshoot the issue further.

    I hope this helps and hence would request you to please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments
  3. Tom Flanagan 21 Reputation points
    2023-08-02T13:38:00.07+00:00
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.