Cannot authenticate with Azure after password reset: AADSTS50173: The provided grant has expired due to it being revoked

Question

Cannot authenticate with Azure after password reset: AADSTS50173: The provided grant has expired due to it being revoked

Craig Blackman 25

Using Intellij to run a Spring Boot app that needs to authenticate with Azure to access a key vault. I reset my password and login successfully on to the az cli using the az-login command. However it claims I need a new token. I have run az logout and az account clear multiple times. Also deleted msal.cache and msal-token_-_cache.json on my local machine but nothing helps. Exception is:

	Suppressed: com.azure.core.exception.ClientAuthenticationException: DefaultAzureCredential authentication failed. ---> IntelliJCredential authentication failed. Error Details: AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2022-12-01T17:06:18.9958813Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2023-05-02T08:14:11.0000000Z'.

Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2023-05-15T05:24:52.0333333+00:00

Hi @Craig Blackman ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2023-05-16T07:35:06.8166667+00:00

Hi @Craig Blackman ,

This requires deep troubleshooting. If any of solution does not work for you, please send us an email on azcommunity [at] microsoft [dot] com referencing this issue along with your subscription id with a subject line "ATTN:shweta" and we will help you with alternative support options on this.

Thanks,

Shweta

Accepted answer

1 additional answer

Your answer

Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2023-05-15T05:24:52.0333333+00:00

Hi @Craig Blackman ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2023-05-16T07:35:06.8166667+00:00

Hi @Craig Blackman ,

This requires deep troubleshooting. If any of solution does not work for you, please send us an email on azcommunity [at] microsoft [dot] com referencing this issue along with your subscription id with a subject line "ATTN:shweta" and we will help you with alternative support options on this.

Thanks,

Shweta

Answer 1

Shweta Mathur 30,296 Microsoft Employee Moderator

Hi @Craig Blackman ,

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

User's image

Thanks

Answer 2

Sedat SALMAN 14,180 MVP

The error you're encountering (AADSTS50173) indicates that Azure Active Directory (Azure AD) received a token in a request, but the token is no longer valid due to a password change. The token might have been cached by your application or the library you're using to authenticate.

Go to your IntelliJ IDEA's system directory. It's usually located in the user's home directory:

Windows: C:\Users<Your User Name>.IntelliJIdea<version>\system
macOS: ~/Library/Caches/JetBrains/IntelliJIdea<version>
Linux: ~/.cache/JetBrains/IntelliJIdea<version>

Delete the azure directory inside the plugins directory, which is located inside the system directory. This should clear IntelliJ IDEA's Azure plugin cache.

Craig Blackman 25 Reputation points

2023-05-15T14:33:50.1866667+00:00

Thanks for the reply. I am on macOS I don't see an azure directory within the plugins directory. I had previously invalidated caches in IntelliJ but that did not help.

My understanding is that if the DefaultAzureCredential authentication flow fails for IntelliJ the credential should be picked up from 6. Azure CLI or 7. Azure Powershell according to: https://learn.microsoft.com/en-us/java/api/overview/azure/identity-readme?view=azure-java-stable

That’s the way it worked for me previously – the credential would get picked up from Powershell or az cli. I’m running IntelliJ 2023.1.1 and version 3.76.1-2023.1 of Azure Tookit for IntelliJ plugin.
Craig Blackman 25 Reputation points

2023-05-17T09:24:05.4233333+00:00

I resolved this by clearing the keychain password for service "Microsoft.Developer.IdentityService" within Keychain Access on macOS.

Share via

Cannot authenticate with Azure after password reset: AADSTS50173: The provided grant has expired due to it being revoked

1 additional answer

Your answer