Azure AD B2C Token refresh is not working for Entra ID Identity provider.

Rinesh PK 20 Reputation points
2024-02-10T05:30:47.41+00:00

I am in the process of configuring Azure Active Directory B2C to utilize Microsoft Entra ID as an identity provider. To achieve this, I have set up the identity provider using a custom policy, implementing the authorization code flow as per the documentation available here. The current configuration allows me to successfully obtain an access token and refresh token in the response, and the authentication process is functioning correctly. However, upon the expiration of the access token, the refresh token call fails, resulting in a 400 Bad Request error with the following details.

{
    "error": "invalid_grant",
    "error_description": "AADB2C90128: The account associated with this grant no longer exists. Please reauthenticate and try again."
}

I'm seeking guidance as I'm unable to determine the cause behind the failure of the refresh token call. Can someone point me in the right direction to troubleshoot and resolve this issue?

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2024-02-12T22:20:01.5266667+00:00

    @Rinesh PK

    Thank you for your post and I apologize for the delayed response!

    Error Message:

    AADB2C90128: The account associated with this grant no longer exists. Please reauthenticate and try again.

    Based on your error message, it looks like the account associated with the grant no longer exists. To hopefully help point you in the right direction, I'll share some troubleshooting steps below.

    1. Can you check to make sure that the user account still exists within Microsoft Entra ID (the identity provider)?
    2. Can you also make sure that the refresh token hasn't expired? Refresh tokens have a limited lifetime, and if the token has expired, you will need to obtain a new refresh token.

    If the user is still present and the refresh token hasn't expired, can you see if your Azure AD B2C audit logs contain any more info that might help troubleshoot your issue?

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

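The client-side counterpart to the troubleshooting steps above, as an added example that is not part of the question or the answer: it builds the Azure AD B2C refresh_token request, checks whether the access token the client holds is near expiry before attempting a refresh, and maps the token endpoint's response (including the AADB2C90128 / invalid_grant body quoted in the question) to an action, so that a dead grant triggers a fresh interactive sign-in instead of being retried. The tenant name, policy name, client id, scopes and token values are constructed placeholders, and the JWT decoding is deliberately unverified because it is only used to decide when to refresh, never to authorize anything.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Added example, not the question author's or the answer author's code.
# Tenant, policy, client id and token values are constructed placeholders.


def build_refresh_request(tenant, policy, client_id, refresh_token, scope):
    """Return (url, form_body) for the B2C refresh_token grant.

    B2C only issues a refresh token when the original request asked for the
    offline_access scope, so keep that scope in the refresh request as well.
    """
    url = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
           f"{policy}/oauth2/v2.0/token")
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "scope": scope,
        "refresh_token": refresh_token,
    })
    return url, body


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_jwt(claims):
    """Build an unsigned (alg=none) JWT for offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def access_token_claims(jwt):
    """Decode a JWT payload WITHOUT signature verification.

    Fine for reading `exp` to schedule a refresh; never use this to make an
    authorization decision, because the claims are unauthenticated here.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def needs_refresh(jwt, now=None, skew=60):
    """True if the access token expires within `skew` seconds of `now`."""
    exp = access_token_claims(jwt)["exp"]
    current = time.time() if now is None else now
    return current + skew >= exp


def classify_refresh_response(status, body):
    """Map a token endpoint response (status, parsed JSON) to an action.

    'ok'             -> new tokens received
    'retry'          -> transient server-side failure, back off and retry
    'reauthenticate' -> grant is gone (invalid_grant / AADB2C90128); only a
                        new interactive sign-in can recover, retrying cannot
    'fail'           -> anything else, surface to the caller
    """
    if status == 200 and "access_token" in body:
        return "ok"
    if status == 429 or status >= 500:
        return "retry"
    error = body.get("error")
    description = body.get("error_description", "")
    if error == "invalid_grant" or description.startswith("AADB2C90128"):
        return "reauthenticate"
    return "fail"


if __name__ == "__main__":
    # Constructed sample: the error body from the question, already parsed.
    sample_body = {
        "error": "invalid_grant",
        "error_description": "AADB2C90128: The account associated with this "
                             "grant no longer exists. Please reauthenticate "
                             "and try again.",
    }
    url, body = build_refresh_request("contoso", "B2C_1A_signup_signin",
                                      "00000000-0000-0000-0000-000000000000",
                                      "placeholder-refresh-token",
                                      "openid offline_access")
    token = make_unsigned_jwt({"exp": int(time.time()) + 30})
    print("refresh needed:", needs_refresh(token))
    print("POST", url)
    print("action:", classify_refresh_response(400, sample_body))
```

When the result is "reauthenticate", a client should discard the cached refresh token and redirect the user through the B2C policy again; repeating the refresh call cannot succeed, which matches the error text itself. For auditing, the same classifier output is a good thing to log alongside the B2C correlation id, since a burst of "reauthenticate" results for one user is exactly the case where the audit logs mentioned in the answer are worth checking.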
