web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Urgent - 'Failed to re...
Power Automate
Unanswered

Urgent - 'Failed to refresh access token for service: aadcertificate

(2) ShareShare
ReportReport
Posted on by WBADAM03 179
Hi all,

I'm having an issue that is impacting hundreds of users, and I have no found a solution.

I have a powerapp that, when a user clicks a button, starts a flow that eventually sends an email with the send an email V2 connector for outlook. Also used is the "get items" connector for sharepoint.

5/6 months ago, my organization required MFA/2FA for basically everything. We now enabled MFA for powerapps and that solved one related error.

What happens randomly, sometimes as often as 60% of all users, is this error on the send an email v2 for outlook step:

'Failed to refresh access token for service: 

Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and office365 is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: aadcertificate.The refresh token has expired due to inactivity. The token was issued on 2024-06-09T19:35:08.4352441Z and was inactive for 90.00:00:00. Timestamp: 2024-12-03 18:13:43Z","error_codes":[700082],"timestamp":"2024-12-03 18:13:43Z","fe","error_uri":"https://login.windows.net/error?code=700082"}']

(some info removed for security)

Sometimes a user will click the button and it will work, sometimes it won't work. Resubmitting the failed flow will not work. 

Sometimes the get items step for sharepoint will have this issue as well. 

Essentially, this is a large powerapp that hundreds of people use and I cannot remove 2FA. 

I need this to work or I will have to move away from power platform.

How can I stop this error please? I'm at a loss. The powerapp even asks for a duo prompt before signing in, how on Earth can the token be expired? 
Categories:
Building flows
I have the same question (0)
  • Ellis Karim Profile Picture
    Ellis Karim 11,653 Super User 2025 Season 2 on at
    Urgent - 'Failed to refresh access token for service: aadcertificate
    I don't have an answer for what is going on, but one issue I did notice in the error message is that your Power Platform administrator has blocked the use of the "office365" connectors you are using in your apps and flows:
     
    Error, and office365 is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized
     
    Can you check with your Power Platform administrator to permit the use of the "office365" connectors, or specifically the Send an email v2 connector?
     
    Ellis
     
     
     
     
  • WBADAM03 Profile Picture
    WBADAM03 179 on at
    Urgent - 'Failed to refresh access token for service: aadcertificate
    Ekarim,

    I don't know how to reply to you on this new forum layout.

    That's the frustrating part, the admin has not blocked the office365 connectors, nor any sharepoint connectors.

    This isn't an error on every run too, it can run between 40-50% fine.

    I think the block is because of this part of the error message:

    "The refresh token has expired due to inactivity." 

    For context, this is a powerapp for students that do 3 co-ops. They may do them close together, seperated by years, etc. I think what might be happening is that they get a token from several months ago, go back to finish a report, and then submit and then the token is expired so the connection is blocked due to an invalid token.

    If my understanding is correct, I need to figure out a way to make powerapps or power automate grant a new token in AAD. I have no idea how to do that.
  • Ellis Karim Profile Picture
    Ellis Karim 11,653 Super User 2025 Season 2 on at
    Urgent - 'Failed to refresh access token for service: aadcertificate
    Do you know if your Ms 365 administrator has set any Conditional Access policies?
     
     
    Ellis
     
  • WBADAM03 Profile Picture
    WBADAM03 179 on at
    Urgent - 'Failed to refresh access token for service: aadcertificate
    Hey Ellis,

    Thanks for bringing that up.

    I think that is for extending the life of the tokens. Our central IT time won't allow us to extend the life of the tokens. Basically we need the powerapp (or before the sharepoint/outlook connector) to 

    1: Determine if tokens are expired
    2: Grant a new token if expired

    How to do that, I have no idea. I have a ticket with Microsoft but I've been transferred to a few different teams with no answer yet.

    I appreciate the support
  • WBADAM03 Profile Picture
    WBADAM03 179 on at
    Urgent - 'Failed to refresh access token for service: aadcertificate
    I still don't have an answer for this but I found a workaround.

    1: Copy the flow that fails
    2: on the copy, change the flow trigger from powerapps to "when an HTTP request is received" -please note this requires the premium power automate license
    3: Go to the original flow and add a final step for "send an http request" for on error on the send an email step
    4: Make the original flow send an HTTP request to the copy flow, which is triggered by receiving the HTTP data over HTTPS with the API 
    5: The copy flow will use the account that hosts the flow, so assuming your connections in power automate are valid, will have valid tokens for send an email v2.
    6: Please note that the email will come from the account hosting the flow (not the powerapp user) and the use of the HTTP blocks require a premium power automate license.
  • Johnolnes Profile Picture
    Johnolnes 234 on at
    Urgent - 'Failed to refresh access token for service: aadcertificate
    We're also suffering from this.
     
    Spoke to the IT admin and he took a quick glance at the error code and noticed the "AAD".
    Something to do with going from the old system to the new. 
     
    Unfortunately I've not found a work-around, but I suspect that if they changed their password it would grant them a new access token.
     
    My 2 cents
  • pwarago Profile Picture
    pwarago 12 on at
    Urgent - 'Failed to refresh access token for service: aadcertificate
    We are facing the same issue. I am thinking of moving away from power automate and use Logic Apps. 
    Anyway, anyone got any update?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Forum hierarchy changes are complete!
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Tomac Profile Picture

Tomac 497 Moderator

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 477 Super User 2025 Season 2

#3
chiaraalina Profile Picture

chiaraalina 242

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans