Power Automate

AADSTS700082: The refresh token has expired due to inactivity

(4) Share

Report

Posted on by Jedediah

183

Hello,

Before opening a case at MS support...

I have a PowerApp, which triggers a PowerAutomate Flow (in a solution). Everything is working as expected, but I randomly have the “AADSTS700082: The refresh token has expired due to inactivity.” error for some of my users.

The flow contains a SharePoint Get action, used with the connection of the user, which has triggered the flow. This is this action that generate this error.

This issue happens randomly, and I don't know why the token expires, since the user is authenticated in the app.

Here is the complete log :

{
  "status": 401,
  "source": "https://europe-002.token.azure-apim.net:443/tokens/europe-002/sharepointonline/xxxxxxxx/exchange",
  "message": "Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and sharepointonline is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: sharepointonlinecertificatev2. Correlation Id=d8751b86-xxxxxx, UTC TimeStamp=10/2/2024 10:24:11 AM, Error: Failed to acquire token from AAD: {\"error\":\"invalid_grant\",\"error_description\":\"AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2024-06-18T08:53:31.0549392Z and was inactive for 90.00:00:00. Trace ID: 2a8888b3-xxxxxxx Correlation ID: f22c64fa-xxxxxxxxxx Timestamp: 2024-10-02 10:24:11Z\",\"error_codes\":[700082],\"timestamp\":\"2024-10-02 10:24:11Z\",\"trace_id\":\"2a8888b3-xxxxxxxxx\",\"correlation_id\":\"f22c64fa-xxxxxxxxxxx\",\"error_uri\":\"https://login.windows.net/error?code=700082\"}']"
}

Is there anything we can do to prevent this issue?

Thank you !

Categories:

Building flows

I have the same question (0)

All responses (14)

Answers (0)

JD-04101231-0 2 on at

Like (0)

Report

Hello,

I have the same issue. Still trying to find the solution

Best regards,

Jordan DESMAREST

Was this reply helpful? Yes No
GC-15101619-0 2 on at

Like (0)

Report

I am having the exact same issue.
This is even happening on apps that have been working fully for the previous year with no issue.
I just started seeing this issue in the last few months.

Have you found any solutions?

Was this reply helpful? Yes No
djtrustgod 2 on at

Like (0)

Report

We noticed this same issue for cloud flows, and for us it was a service account that has not caused us issues before. In our case it was manifesting in the Office 365 Outlook connection related to Send an Email V2 actions. We are creating new Office 365 Outlook connections for these actions in our more critical flows. If this reoccurs we are going to open a Sev A ticket with Microsoft.

Note this occurred on an account that does not require second factor auth, but is is restricted by policy to only log into specific locked down devices.

---

Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and office365 is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: aadcertificate.

Was this reply helpful? Yes No
Blizius 3 on at

Like (0)

Report

Same issue in tenants of some of our customers. I think it has something to do with policies within the organisation, but don't know what exactly is causing it. So if anyone knows, I would be grateful too.

Was this reply helpful? Yes No
Suggested answer

VV-21081205-0 12 on at

Like (0)

Report

I too started getting this issue recently. I signed in again for the connectors but issue persisted for few users.

Finally, I went to 'Run only users' and changed from 'Provide by run-only user' to 'Use this connection xxxxxxx', it started working.

Was this reply helpful? Yes No
jefmeyer 166 on at

Like (0)

Report

We too are experiencing this issue and have had a ticket open with MSFT for over a month. Our issue is the SharePoint connector and the workflow will randomly through this error. Resubmitting the flow will error but subsequent runs are successful with no changes on our end. The latest suggestion from the engineer is to create a copy of the workflow called from the PowerApp and see if that resolves the issue, but we haven't tried that yet since this is actively used in production. I suspect that there is some sort of a token handler issue in Azure causing this issue.

Was this reply helpful? Yes No
Jedediah 183 on at

Like (1)

Report

Hello everyone.

Just so you know, here is the "known issue" about this problem : 4455860

There are two temporary workarounds provided, but they can't be applied in a standard production environment with many users.

Hopefully, we'll have a real fix in the coming days…

Was this reply helpful? Yes No
jefmeyer 166 on at

Like (1)

Report

Sorry for the repost, we just received the update from our MSFT Engineer and I shared before seeing @Jedediah's post. Not trying to steal their thunder. :)

After opening a ticket, Microsoft has confirmed that this is a bug and they are working on a fix: Known issues | Power Platform admin center

Was this reply helpful? Yes No
WBADAM03 179 on at

Like (5)

Report

I have about half a dozen powerapps that call flows and all of them have this issue now. 2 years ago we didn't have this problem and now it's all but made power platform useless for us for the last 6 months. Hundreds of users use my powerapps and this bug has caused me so many headaches it probably boosted the share price for the company that owns tylenol.

I have a ticket open with Microsoft and it's been months with no resolution and the customer service is very poor. There is no resolution in sight.

I believe what is happening is that when an user signs into their microsoft account, the powerapp application will try to see what services it uses and attempt to see if those connections are valid or not.

When you first sign into a powerapps application that uses a flow, it will ask the end user to make connections for those services, such as outlook and sharepoint. However, something in powerapps is broken where the system doesn't check this for all users. I have witnessed some end users, after 90 days of not signing into the application itself, get a prompt to remake their connections to outlook.

However, about 60% of users do not get this pop-up when they sign in and the powerapp seems to work until they press a button that calls a flow. The flow will see that the token is expired and the flow will fail. Nobody at Microsoft seems to understand this and no one seems to have a solution.

I have made a work-around by adding an "on-fail" step on sharepoint/outlook steps in powerautomate that will send an HTTP call (premium connector by the way, so this workaround will actively cost you money) to another flow that is triggered by "when a HTTP request is recieved " that uses the flow that uses tokens from the service account.

Powerapps uses the tokens of the end user and a flow that is triggered by powerapps will use the tokens of the end user. If the flow fails, the on-fail step will call the HTTP request to a child flow that isn't triggered by powerapps. Thus the child flow will use the tokens from the account that owns the flow. This works 100% of the time and is the only way I can get anything to work now.

The problem is that it doubles the amount of flows you have, is a workaround to the problem, and some steps simply needs to come from the end user and not another account. Also the HTTP request is a premium connector.

PLEASE let me know if have any solution to this problem. I have actively been working with Microsoft reps for months with no resolution.

My proposed fix would be for Microsoft to address why the powerapp can't tell that connections to services are expired and make a pop-up when the end user signs into the powerapp to re-do the invalid connections.

If you look at the issue, it only has "workarounds" that aren't scalable solutions for a fundamental problem (https://admin.powerplatform.microsoft.com/knownissues/4455860) but it is somehow "Resolved" - AKA they can't be bothered to fix it or the communication between departments is so bad, no one knows what the solution is.

Was this reply helpful? Yes No
gasbach 8 on at

Like (3)

Report

This is absolutely frustrating! We have multiple Power Apps that call multiple Power Automate flows and we have random users experiencing this token error. The flow fails, the user doesn't know it, and we receive a summary of flow failures a week later. The Microsoft known issue is set as RESOLVED????!!!! If it is resolved then why do they say in the first paragraph of the 'Workaround' section, "We are actively investigating this and working on a solution for these Token Exchange failures". IF YOU DON'T HAVE A SOLUTION, IT IS NOT RESOLVED!

I feel like I'm playing whack-a-mole and I'm sure our business users' confidence in IT is going way down. This directly reflects on IT, and Microsoft is not keeping us updated with what progress (if any) they are making.

Was this reply helpful? Yes No