invalid_grant in authentication api call

asvr asvr 20 Reputation points
2024-02-25T18:21:56.9466667+00:00

Hey, I'm getting the below error response while hitting the auth code (POST) API from Postman. The API is:

https://login.microsoftonline.com/common/oauth2/v2.0/token

{
    "error": "invalid_grant",
    "error_description": "AADSTS70000: The provided value for the 'code' parameter is not valid. The code has expired. Trace ID: 083f67da-bb9e-4778-b8e3-bcdaf5608001 Correlation ID: 3593c6e6-f82f-4405-8a60-de33c270351f Timestamp: 2024-02-25 18:14:22Z",
    "error_codes": [
        70000
    ],
    "timestamp": "2024-02-25 18:14:22Z",
    "trace_id": "083f67da-bb9e-4778-b8e3-bcdaf5608001",
    "correlation_id": "3593c6e6-f82f-4405-8a60-de33c270351f",
    "error_uri": "https://login.microsoftonline.com/error?code=70000"
}

Accepted answer
  1. CarlZhao-MSFT 41,126 Reputation points
    2024-02-26T02:54:44.8566667+00:00

    Hi @asvr asvr

    The authorization code is not reusable; it expires immediately after use, so do not try to request the /token endpoint with an expired authorization code. You should initiate a new authentication request to obtain a new authorization code. If you want to avoid frequent login authentication, you can try using a refresh token.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
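
The handling the accepted answer describes, as an added example that is not part of the original thread or Microsoft's code: a client-side helper that redeems each authorization code once, switches to the refresh token afterwards, and treats `invalid_grant` as a signal to restart sign-in instead of retrying. `TokenSession`, its method names and the sample responses are hypothetical and constructed; a public client is assumed, so `client_secret` and PKCE parameters are omitted.

```python
import json
from urllib.parse import urlencode


class TokenSession:
    """Tracks what may still be sent to the /token endpoint (hypothetical helper)."""

    def __init__(self, client_id, redirect_uri):
        self.client_id, self.redirect_uri = client_id, redirect_uri
        self.refresh_token = None
        self.spent_codes = set()

    def request_body(self, code=None):
        """Form body for the POST: prefer the refresh token, else redeem a code once."""
        body = {"client_id": self.client_id}
        if self.refresh_token:
            body.update(grant_type="refresh_token", refresh_token=self.refresh_token)
        elif code and code not in self.spent_codes:
            # Client-side guard: never resend a code, since it is not reusable.
            self.spent_codes.add(code)
            body.update(grant_type="authorization_code", code=code,
                        redirect_uri=self.redirect_uri)
        else:
            raise ValueError("no usable grant: send the user through /authorize again")
        return urlencode(body)

    def handle_response(self, raw):
        """Return the next action for a /token response body (JSON text)."""
        resp = json.loads(raw)
        if "access_token" in resp:
            # A refresh token is only issued when offline_access was requested.
            self.refresh_token = resp.get("refresh_token", self.refresh_token)
            return "use_access_token"
        if resp.get("error") == "invalid_grant":
            # The code or refresh token is dead; resending it cannot succeed.
            self.refresh_token = None
            return "restart_authorization"
        return "report_error"


# Constructed sample responses; the error one is trimmed from the shape in the question.
EXPIRED = '{"error": "invalid_grant", "error_codes": [70000]}'
ISSUED = '{"access_token": "AT-sample", "refresh_token": "RT-sample", "expires_in": 3600}'
```
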


2 additional answers

  1. asvr asvr 20 Reputation points
    2024-02-25T21:27:19.9766667+00:00

    Tried it; it's not working.


  2. asvr asvr 20 Reputation points
    2024-02-26T14:46:52.2933333+00:00

    The code which is expired is obtained from the request below, which is also in an error state.

    https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize?client_id={clientId}&response_type=code&redirect_uri={redirect_uri}&response_mode=query&scope=openid profile User.Read Teams.ManageCalls Teams.ManageChats Channel.ReadBasic.All ChannelMessage.Edit ChannelMessage.Send Chat.Create Chat.Read Chat.ReadBasic Chat.ReadWrite ChatMessage.Read ChatMessage.Send Contacts.ReadWrite email offline_access TeamsAppInstallation.ReadForChat User.ReadWrite

    Error:
    AADSTS50020: User account 'xyz@gmail.com' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '{clientId}'(app-name) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
