I have a flow that uses a Power Apps trigger. Users click a button in the canvas app, and the flow runs. The first non-variable action in the flow is creating a SharePoint list item. This action fails for some users. If they refresh the Power App and try again, it works. Or, if I access the failed run and click resubmit, it works. I've made sure that they have contribute access to the list, and there are no premium connectors in this flow.
The error message is:
Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and sharepointonline is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: sharepointonlinecertificatev2. ... Error: Failed to acquire token from AAD: {"error":"invalid_grant","error_description":"AADSTS700082: The refresh token has expired due to inactivity. The token was issued on ... and was inactive for 90.00:00:00.
Any idea what token it's talking about? The user's? If so, they've been using the Power App, and to get to the screen with the button to call the flow, they had to go through other screens that read data from the same SharePoint site. It says SharePoint Online is in the block list, which suggests a problem with a policy, but again, it works if they refresh and try again.
Edit: a few more details I've learned: the user's refresh token has expired, either because they didn't log in for 90 days or because their password changed. The fact that the flow fails with an invalid refresh token makes perfect sense, as flow can't kick off an interactive login dialog. The question is how it is possible for the user to access the Power App and click through several screens to get to the screen with the button that starts the flow, all with an expired refresh token. If the user refreshes their browser, they apparently get a new refresh token, and the flow completes successfully.
Any ideas, other than popping up a message telling users to refresh their browser?