
OAuth device code flow refresh token expiration

Frédéric Poliquin 0 Reputation points
2026-02-11T16:53:48.64+00:00

I have an application which uses the device flow to authenticate users. Everything was working fine until last fall - users could use their refresh tokens and stay connected for 90 days.

Now, users need to authenticate every 24h, which is quite annoying for users.

I've checked sign-in logs and it is not a conditional access problem, and the failure reason is quite vague:

User's image

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Matthews Msawenkosi Mhlwazi 26 Reputation points
    2026-02-12T04:12:16.7066667+00:00

    Hi Frederic. See if this helps:

    1. Check and modify the “Block device code flow” CA policy.
    2. Use the What If tool to eliminate Conditional Access blockers.

    Re-authenticate to generate a new refresh token after policy adjustments.

    1. Evaluate switching to Authorization Code Flow with PKCE if long-lived tokens are required.
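
For the first two suggestions in the answer above, an added example (not part of the original thread and not Microsoft code): a Python triage of exported sign-in records that separates device code failures caused by an enforced Conditional Access policy from failures with some other cause. Field names are assumed to follow the Microsoft Graph `signIn` resource (`authenticationProtocol` is assumed from the beta schema); the records, policy names and the `triage` helper are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like Microsoft Graph signIn records.
# Error codes other than 0 (success) are illustrative only.
SAMPLE = json.loads("""[
 {"createdDateTime": "2026-02-10T08:00:00Z", "authenticationProtocol": "deviceCode",
  "status": {"errorCode": 53003},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Block device code flow", "result": "failure"},
    {"displayName": "Require MFA", "result": "notApplied"}]},
 {"createdDateTime": "2026-02-10T09:00:00Z", "authenticationProtocol": "deviceCode",
  "status": {"errorCode": 0},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Constructed report-only policy", "result": "reportOnlyFailure"}]},
 {"createdDateTime": "2026-02-10T10:00:00Z", "authenticationProtocol": "deviceCode",
  "status": {"errorCode": 99999},
  "appliedConditionalAccessPolicies": []},
 {"createdDateTime": "2026-02-10T11:00:00Z", "authenticationProtocol": "oAuth2",
  "status": {"errorCode": 53003},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Block legacy clients", "result": "failure"}]}
]""")

def triage(records, protocol="deviceCode"):
    """Return (enforced, report_only, other) for sign-ins using `protocol`.

    enforced / report_only count policies per display name; `other` lists
    failed sign-ins that no enforced policy explains.
    """
    enforced, report_only, other = Counter(), Counter(), []
    for rec in records:
        if rec.get("authenticationProtocol") != protocol:
            continue
        policies = rec.get("appliedConditionalAccessPolicies") or []
        for pol in policies:
            if pol.get("result") == "failure":
                enforced[pol["displayName"]] += 1
            elif pol.get("result") == "reportOnlyFailure":
                report_only[pol["displayName"]] += 1
        code = rec.get("status", {}).get("errorCode", 0)
        if code != 0 and not any(p.get("result") == "failure" for p in policies):
            other.append((rec["createdDateTime"], code))
    return enforced, report_only, other

if __name__ == "__main__":
    for label, result in zip(("enforced", "report-only", "other"), triage(SAMPLE)):
        print(label, dict(result) if isinstance(result, Counter) else result)
```

Entries in the third result are the ones where Conditional Access does not explain the failure and the error code itself needs to be looked up.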
