Migration from REST to Graph: Refreshed token throws InvalidAuthenticationToken

Uriel González 1 Reputation point
2022-09-15T22:26:46.577+00:00

Hi. I've been struggling for hours with this so my last resort is asking for some help.

We need to ensure that the old tokens issued in our system are still valid once we migrate to Graph. Tokens are successfully refreshed using the refres_token issued by the REST API, but when I try to use the issued token to make a call I'm getting the following error:

{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 8004920A",
"innerError": {
"date": "2022-09-15T22:19:58",
"request-id": "fceadbcd-d55a-4bee-b2a9-fca6828053b0",
"client-request-id": "fceadbcd-d55a-4bee-b2a9-fca6828053b0"
}
}
}

Can you help me get an idea of what I'm doing wrong?

Microsoft Security | Microsoft Graph
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Glen Scales 4,446 Reputation points
    2022-09-16T00:04:04.797+00:00

    Sounds like you maybe mixing V1 and V2 tokens see https://learn.microsoft.com/en-gb/azure/active-directory/develop/access-tokens#sample-tokens you can check you token version by using jwt.io. The accessTokenAcceptedVersion in the manifest controls what type of tokens you app can accept.

    1 person found this answer helpful.
    0 comments No comments

  2. Uriel González 1 Reputation point
    2022-09-16T20:13:35.8+00:00

    Thanks for your response, Glen.

    I'm not an expert, but if that was the case then the refresh token issued by REST shouldn't work to generate a fresh one using Graph, don't you think?

    Anyway, I tried to decode both tokens and I was not succesful in any case.

    What's would you recommend?

    Token issued by REST:
    EwBIA+l3BAAUnQP8Jfa2FYxR0AX7HsEZwOdWa28AAYGrCkzqhntygx/zRfL253VlR6f4eZ8TNiciuEBPsarilvyWuWhWQoGzl/UGje+g6eYXOszjSlExV83yuNM4IokJ/VR4fLsVuQ7F8OwqkcpV/LUUmSu7B3OOyW+6ceqEr+yg8OgGwvhmNiMl/ZMT8MhI6vDFwf+xUPDdfxRM9o6eU+fjrIBYwg5fNHbBYNJj/9+WrFpdJO0lfNu2dZFNkbxUyrtajU3yr5eOolY16No9pjgE1wg58+wPCJPlTNSTneP9oe2yI+0uSDSZ5Gf48jRvyzeHAlvVoIH3s1zOOv6GWGvlBQPB/ymMam31Q4GAhE5DOuYX+dmkSTjBWl0EjhQDZgAACDbG12n/iiSxGAJxxgZsljY9hTBl8qYy/orBk8z0je3SNziX6FA9/okn0o1yqCG5iZa205f1cxp2MvdJAbV0XwQOnw9ESntrt8ozoODd4En55h3ERQRSmlrctE2aOXedj334gmUO7+Q0Gvvl/8IIROHbbxOBagNBtADNRgDAxJ1MZI3Yr6Zeo3x3PCAHq/SG+nfs1ckmhC5KB20t9Cth3ZQXDopHzqOggd4bbG0x8wju3DZFeBQ2N2p3LmnMjoR+4bH1y3LFJu/8SmSlNCTKxIq5zyufBA5DbyNNtSuZm8kKYgxBKaVlzE9waWHRoWChYC36g0z8oV+toquh/r174CCszynLtJB40vsNkflWBU15aJPUSW/ahcdDUIHFcCp0YzSjBUKZblfJp6lFW1SHzdrljEadbYgXWjtl5Jp9hEF6GEvXIuweIDbByB7+fpgUP1OsWkXeST0jseDCjz9Ks3xQYekWblkQtQaeOlyfxJAGR85MG6umnY93zDm6xkUpNEVJkiQZANJqUf9eKh0mJhsV2PpeNhFTGHdtQfQsCcOldvht/n08LDYjMb92uyeALNJm3SmF855G/BLVII8dQQoFzMvJP2IBPaw4KNNkvuzTvNShqDuPCd4akjZGVWHc04GSrOpG1evmiV3LMt+G/rSuxo0Znl8CbZ9kVkh2cSTpg9zAIpXl3Z4+lb3RCuUIYxFCUfmmXo1G1uaOHv/dXYSP00gC

    Token issued by Graph:
    EwCAA8l6BAAUkj1NuJYtTVha+Mogk+HEiPbQo04AATRcwlxAn5+ebfbfyLFaZognOcFaFb+EDpf0AkXVwiCwrOgYop71pDulj6bwXkd23AkdnFDiXWjlRr7kvBRjNcL2DwZHQUd6vc66TMHx2z4Rmmx4hFTk7eT759dbA5usME8HkVKgvA8Ydlh1QwepOWeYynP6jGaNMl1fR+2NwviU8MkT7wqakWKaXc9fUpjfs7GbdT7aG/jWI2EPYEFV+dToBtn5sdRHM6Er6ZAhscMAcAAZpQ8ozvm6v1b2/rbll6jkk5nSAKEOlLdu9CeKPVBVy4xnI/S6FKMPcbZrYS5h4JgpnLw95zMHnlOjaowGIuLiY9QxlYxa853+dUD5JwADZgAACHJ0gF1tTu/UUALCZUBicMvEK0LZiiKu/BHG+pQHsMsDgxOD5bITi9UGpbtfJlVwiApiR5i/lK9crpOF29TJeB5MkWuWGT1HJhTEPIx0DdhNdlh7uf4kbKsiC1WhoWx78aokgronFbC6KvvGWPNmANsf31pdwbLuoAyoKt+uKoJiDAU136iz+2DDafzpQB5Fx5f8L9upOHSm00FYOpYsNSNq3xLw6zn5XEXT3X2SfocRXIHC2354GQjx/fIOvX1pQwi0W7hsncGXkB/newEmRWGpdDoYuInkOeK32cM1sEWw+/LFjJR5q+q05LdXyA49I4Sl9h5rMF7hVZqZSyKNKtPk8qpCyodAibpGh9SdYnhO3j2KzseBQyUaxdlCYA1ILSC1sQubYWCOzxFHaf6ZPeFzJ5ksi/skOOxOZ/42ALI7zzjiV8cMIi3rjyoMxNtSXCdUOcfP1h6/D9/aVrqwwW3digmtEVnL40vnpKW/u/M0xoCr4R+AyJKN2jGXidLb/KClaOhU+kAPkUbcTBrsNAoVc0nvax1KC6gS8XqmpAUSJepYQRTXGEtEDiKJKo5rZzuZQqde14GKZiJrCceD60JbQ9TfSYkL1ftVdCJLUvJKmzch7W1Newz7DXivrfqVyH7s44MJbqnt38UZB0kUjJMz2NWRUOk35sqc42A1s/5qF96EXn1ZIlZKZYx4zueyk5bVfJbLC4rKr0XKJHpNpnmhHqmL4U5NQiAxGQr7BTd9hy2UBguOAzyk/WlOxrqhxqiLLES1SNIFbjH1Yw29/YmaXGsSfk15+hwQjQI=

    0 comments No comments

  3. Glen Scales 4,446 Reputation points
    2022-09-19T01:38:16.06+00:00

    What does the code your using to get the token look like? They don't look like valid Access tokens and they aren't something that will be interchangeable for a Graph Token

    0 comments No comments

  4. Uriel González 1 Reputation point
    2022-09-20T15:57:50.183+00:00

    I'm sorry. It seems that the ones I should decode are the id_token and I was bringing access_token. Now I was able to decode both, but now I go back to the beginning, cause they both are 2.0

    I will keep digging to see what else I can find

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.