Hi @Naga Dheeraj M, the error message "Incorrect user credential" usually indicates that the access token or ID token received by your application is invalid or has expired. This can happen if the token has been tampered with, or if it has expired due to inactivity or because the user has revoked the consent.
To troubleshoot this issue, you can try the following steps:
- Check the expiration time of the access token and ID token received by your application. You can decode the token using a JWT decoder tool to see the expiration time. If the token has expired, you need to request a new token by redirecting the user to the Azure AD login page.
- Check the signature of the token to ensure that it has not been tampered with. You can use a JWT decoder tool to decode the token and verify the signature. If the signature is invalid, the token may have been tampered with, and you should reject the token.
- Check the audience and issuer of the token to ensure that it is intended for your application. The audience should match the client ID of your application, and the issuer should be the Azure AD tenant that issued the token. If the audience or issuer is incorrect, the token may have been issued for a different application, and you should reject the token.
- Check the permissions granted to your application by the user. If the user has revoked the consent for your application, you will not be able to access the user's data, and you will receive an error. You can check the permissions granted to your application in the Azure portal.
It is possible that the sign-in process was successful, but the token received by your application is invalid or has expired. The sign-in process involves multiple steps, including authentication, authorization, and token issuance. The authentication and authorization steps may succeed, but the token issuance step may fail due to various reasons, such as token tampering, token expiration, or consent revocation.
Check the logs of your application and Azure AD to see if there are any error messages or warnings related to token issuance or validation. You can also try to reproduce the issue and capture the network traffic using a tool such as Fiddler or Wireshark to see the details of the token exchange between your application and Azure AD.
Please let me know if you have any questions and I can help you further.
If this answer helps you, please mark "Accept Answer" so other users can reference it.
Thank you,
James
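
The expiry, audience and issuer checks from the steps above, as an added example that is not part of the original answer: it decodes a token locally and reports which claim check fails. The function names, the client ID and the tenant ID in the issuer are constructed placeholders, and the signature is deliberately not verified here (that needs the tenant's signing keys and a JWT library).

```python
import base64
import json
import time

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def triage_token(token, client_id, issuer, now=None, skew=300):
    """Return {finding: detail}; an empty dict means exp/aud/iss look right.
    Diagnostic only: the signature is NOT verified, so never use the result
    to authorize a request."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return {"malformed": "expected header.payload.signature"}
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"malformed": "header or payload is not base64url JSON"}
    findings = {}
    if str(header.get("alg", "none")).lower() == "none":
        findings["unsigned"] = "alg is none or missing"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        findings["no_exp"] = "exp claim missing or not numeric"
    elif now > exp + skew:  # allow a small clock skew, in seconds
        findings["expired"] = f"expired {int(now - exp)}s ago"
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        findings["aud_mismatch"] = f"aud={aud!r}"
    if claims.get("iss") != issuer:
        findings["iss_mismatch"] = f"iss={claims.get('iss')!r}"
    return findings

def make_sample(claims):
    """Build a constructed sample token; its signature segment is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"

# Constructed placeholder values, not taken from the original thread.
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
```

Run `triage_token` on the token your application actually received; an empty result points away from the claims and toward signature validation or consent.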