Hello @Tom Flanagan ,
The error message indicates that the provided grant has expired due to it being revoked, and a fresh auth token is needed. This error message is highlighted in our Azure AD Authentication and authorization error codes documentation.
There might be a couple of possible scenarios in this case.
- This error is due to refresh token expiry, either if the password changed for the user or the token has been revoked by the user or an admin through PowerShell or the Azure portal.
- There might be a chance that a Conditional Access policy has been configured to control the user's refresh token and force the user to sign in again.
- Another possibility, which is highly unlikely, is that the refresh token expired due to inactivity for more than 90 days.
To resolve this issue, you can follow the below steps:
- Ask the user to sign in again to get a fresh auth token. This will help to resolve the issue in most cases.
- Check if the user has changed or reset their password. If yes, then the user needs to use the updated password in Azure Active Directory (Azure AD) to get a new auth token.
- Check if the grant has been revoked by an admin or a user. If yes, then the user needs to request a new grant from the admin or the user who revoked the grant.
- You can also check the Azure AD sign-in logs to get more information about the issue. The sign-in logs provide detailed information about the sign-in events, including the status, error codes, failure reasons and if any Conditional Access Policy is being applied. You can use this information to troubleshoot the issue further.
I hope this helps and hence would request you to please "Accept the answer" if the information helped you. This will help us and others in the community as well.
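The sign-in log check described in the answer above, as an added example that is not part of the original answer: it groups failures with this error per user, lists the Conditional Access policies enforced on them, and shows whether a later sign-in succeeded. The records are constructed and assume the Microsoft Graph `signIn` field names; `50173` is assumed to be the code the error-code documentation lists for this message, and `triage` is a hypothetical helper.

```python
import json

# Constructed sample shaped like Microsoft Graph signIn records exported from
# the sign-in logs. Users, apps and policy names are made up.
SAMPLE_SIGNINS = json.loads("""
[
 {"createdDateTime": "2024-05-02T08:14:09Z", "userPrincipalName": "alice@contoso.example",
  "appDisplayName": "Sample Mail Client",
  "status": {"errorCode": 50173, "failureReason": "constructed"},
  "appliedConditionalAccessPolicies": []},
 {"createdDateTime": "2024-05-02T09:01:44Z", "userPrincipalName": "alice@contoso.example",
  "appDisplayName": "Sample Mail Client",
  "status": {"errorCode": 0, "failureReason": "constructed"},
  "appliedConditionalAccessPolicies": []},
 {"createdDateTime": "2024-05-03T11:30:00Z", "userPrincipalName": "bob@contoso.example",
  "appDisplayName": "Sample Sync Tool",
  "status": {"errorCode": 50173, "failureReason": "constructed"},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Sample sign-in frequency policy", "result": "success"},
    {"displayName": "Sample report-only policy", "result": "reportOnlyFailure"}]}
]
""")

FRESH_TOKEN_NEEDED = 50173  # assumption: code documented for this error message


def triage(records, error_code=FRESH_TOKEN_NEEDED):
    """Per user: count of failures with error_code, apps affected, enforced
    Conditional Access policies, and whether a later sign-in succeeded."""
    report = {}
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for rec in sorted(records, key=lambda r: r["createdDateTime"]):
        code = (rec.get("status") or {}).get("errorCode")
        user = rec["userPrincipalName"]
        if code == error_code:
            entry = report.setdefault(user, {"failures": 0, "apps": set(),
                                             "ca_policies": set(), "recovered": False})
            entry["failures"] += 1
            entry["apps"].add(rec.get("appDisplayName"))
            entry["recovered"] = False  # reset until a later success is seen
            for pol in rec.get("appliedConditionalAccessPolicies") or []:
                if pol.get("result") in ("success", "failure"):  # skip report-only
                    entry["ca_policies"].add(pol["displayName"])
        elif code == 0 and user in report:
            report[user]["recovered"] = True  # user signed in again afterwards
    return report


if __name__ == "__main__":
    for user, info in triage(SAMPLE_SIGNINS).items():
        print(user, info)
```

A user with no enforced policy and `recovered` set points to the password-change or revocation scenarios; a policy name in `ca_policies` is the one to review for the Conditional Access scenario.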