Azure AD B2C Sign in with Google generates 'invalid_grant' for specific users for non-Gmail domain users.

Venkat Maram 0 Reputation points
2024-05-28T12:58:20.71+00:00

We are getting the error "We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later." for some users.

The Sign in with Google feature is working for all @gmail.com domains, but when it comes to other domains, for example ******@letezord.com.

For the @letezord.com domain, a few users log in successfully, but for a few users we are getting the invalid_grant error.

Please consider that @letezord.com is a kind of corporate account, and it is a sample one.

Please have a look at the above issue and let us know what is the resolution for the user specific login issue.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

2 answers

  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2024-05-28T20:05:30.8666667+00:00

    Hi @Venkat Maram, the "invalid_grant" error typically indicates that the authorization code or refresh token that was used to obtain an access token has expired or is invalid. This can happen for a number of reasons, such as the user revoking access to the application or the authorization code or refresh token being used after it has expired.

    In the context of Azure AD B2C sign in with Google, it's possible that the issue is related to the user's Google account settings or permissions. For example, if the user has revoked access to the application or if the application does not have the necessary permissions to access the user's Google account, then the "invalid_grant" error could occur.

    To troubleshoot this issue, you can try the following steps:

    1. Check the Google API Console to ensure that the application has the necessary permissions to access the user's Google account. Make sure that the correct scopes are enabled and that the application is authorized to access the user's Google account.
    2. Check the user's Google account settings to ensure that the application is authorized to access the user's Google account. If the user has revoked access to the application, then the "invalid_grant" error could occur.
    3. Check the Azure AD B2C logs to see if there are any errors or warnings related to the sign in with Google feature. This could provide more information about the cause of the issue.
    4. Try signing in with a different Google account to see if the issue is specific to the user's account or if it is a more general issue with the sign in with Google feature.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you, please mark "Accept Answer" so other users can reference it.

    Thank you,

    James


  2. Venkat Maram 0 Reputation points
    2024-05-29T07:34:13.22+00:00

    Hi James,

    Thanks for the response.

    I will explain the scenario here,

    I have three accounts with non-Gmail domains (for example ********@letezord.com, ******@letezord.com & ****@letezord.com). With two of the accounts I am able to log in successfully via Sign in with Google, but ******@letezord.com is giving an invalid grant error.

    I can say it is a user-specific issue instead of a generic issue.

    Please let me know if we have a set of settings required for an account to access Sign in with Google.

    FYI: All Gmail domain users are able to log in successfully with the Sign in with Google flow.

    Thanks & Regards
    Venkat Maram
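
The "user-specific or general" question raised in troubleshooting step 4 and in the follow-up above can be answered from sign-in records instead of manual test logins. This is an added example, not part of either post and not Microsoft's code; the record fields `user` and `error` and all sample addresses are constructed assumptions, so map them to whatever your log export actually contains.

```python
from collections import defaultdict

# Constructed sign-in records, not real Azure AD B2C log output. The field
# names "user" and "error" are assumptions made for this example.
SAMPLE_ATTEMPTS = [
    {"user": "a@gmail.com", "error": None},
    {"user": "b@gmail.com", "error": None},
    {"user": "u1@corp.example", "error": None},
    {"user": "u2@corp.example", "error": None},
    {"user": "u3@corp.example", "error": "invalid_grant"},
    {"user": "u3@corp.example", "error": "invalid_grant"},
    {"user": "x@other.example", "error": "invalid_grant"},
]


def failure_scope(attempts, error="invalid_grant"):
    """Per domain, report whether `error` is user-specific or domain-wide."""
    # domain -> user -> [successes, failures with `error`]
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for attempt in attempts:
        user = attempt["user"].strip().lower()
        domain = user.rsplit("@", 1)[-1]
        if attempt["error"] is None:
            stats[domain][user][0] += 1
        elif attempt["error"] == error:
            stats[domain][user][1] += 1
    report = {}
    for domain, users in stats.items():
        # Users who never succeeded vs. users who fail only some of the time.
        always = sorted(u for u, (ok, bad) in users.items() if bad and not ok)
        sometimes = sorted(u for u, (ok, bad) in users.items() if bad and ok)
        if not always and not sometimes:
            scope = "none"
        elif len(always) == len(users):
            # Also reached when a domain has only one user on record.
            scope = "domain-wide"
        else:
            scope = "user-specific"
        report[domain] = {"scope": scope, "always_failing": always,
                          "intermittent": sometimes}
    return report


if __name__ == "__main__":
    for domain, result in sorted(failure_scope(SAMPLE_ATTEMPTS).items()):
        print(domain, result)
```

A `user-specific` result for a domain where other users succeed points toward the individual account rather than the identity provider configuration shared by every user.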

