Error from token exchange

(0) Share

Report

Posted on by CU16121358-0

Hello,

I have created an instant flow for a power app which is triggered from a button. When i test the flow it is running with no issues. When though a user tries it, i get the following error:

Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and sharepointonline is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: sharepointonlinecertificatev2. Correlation Id=bb07ba02-fc95-466f-964e-dbff3338cd09, UTC TimeStamp=2/26/2025 8:40:08 AM, Error: Failed to acquire token from AAD: {"error":"invalid_grant","error_description":"AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2024-11-13T13:04:43.0420964Z and was inactive for 90.00:00:00. Trace ID: 72a1f160-a8fc-4fc5-85e1-1f1b52942400 Correlation ID: 3a1ada92-5d9b-4f00-ade6-97c8683c8bea Timestamp: 2025-02-26 08:40:08Z","error_codes":[700082],"timestamp":"2025-02-26 08:40:08Z","trace_id":"72a1f160-a8fc-4fc5-85e1-1f1b52942400","correlation_id":"3a1ada92-5d9b-4f00-ade6-97c8683c8bea","error_uri":"https://login.windows.net/error?code=700082"}']

On flow properties i add the users on the "Manage run only permissions".

I have also created on the environment a custom basic user security role where i gave access to the following.

It still fails though and i dont know what i miss.

Can you please advice?

Thanks in advance for your support,

Manos

Categories:

Building flows

I have the same question (0)

All responses (3)

Answers (0)

CU16121358-0 4 on at

Like (0)

Report

Anyone can please help me on this issue?

Was this reply helpful? Yes No
CU16121358-0 4 on at

Like (0)

Report
I tried it today and this one popped: {"statusCode":401,"headers":{"x-ms-failure-cause":"apihub-token-exchange","x-ms-apihub-obo":"false","x-ms-apihub-cached-response": "false","Date":"Wed, 05 Mar 2025 07:54:30 GMT","Content-Length":"1141","Content-Type":"application/json"},"body":{"status":401, "source":"https://europe-002.token.azure-apim.net:443/tokens/europe-002/office365/c4c20b11abb1448c84a435e12c8981d5/exchange", "message":"Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and office365 is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: aadcertificate. Correlation Id=ec053e19-3ccf-496f-a336-7fe26886cb3d, UTC TimeStamp=3/5/2025 7:54:31 AM, Error: Failed to acquire token from AAD: {\"error\":\"invalid_grant\",\"error_description\":\"AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2024-08-06T15:38:30.8322459Z and was inactive for 90.00:00:00. Trace ID: ab1bd53e-e14d-4c3a-9212-119947d30600 Correlation ID: 3ec9ca8c-122a-4214-8e5d-5a171559b5b6 Timestamp: 2025-03-05 07:54:31Z\",\"error_codes\":[700082],\"timestamp\":\"2025-03-05 07:54:31Z\",\"trace_id\":\"ab1bd53e-e14d-4c3a-9212-119947d30600\", \"correlation_id\":\"3ec9ca8c-122a-4214-8e5d-5a171559b5b6\",\"error_uri\":\"https://login.windows.net/error?code=700082\"}']"}}

Was this reply helpful? Yes No
Suggested answer

FatihDagdelen 53 on at

Like (0)

Report
Hi,

It could be a lot of reasons first of all :)

some of them are here:
Root Cause:

The error message AADSTS700082 means that the Azure Active Directory (AAD) refresh token for Office 365 has expired due to inactivity.

The connection to Office 365 (aadcertificate) is in an error state and needs to be re-authenticated.

Power Automate is blocking the runtime execution because the Office 365 token cannot be refreshed.

This happens when:

The connection was created but not used for 90 days.

The user who created the connection left the organization or their account permissions changed.

The connection was not refreshed before expiration.

Solution Steps:

Check & Re-authenticate Office 365 Connection

Go to Power Automate → "Data" → "Connections".

Find the Office 365 connection (it might be named Office 365 Outlook, Office 365 Users, or similar).

If it says "Error" or "Needs Attention", click on it and select "Fix Connection".

Re-authenticate using a valid Office 365 account.

Remove & Re-add the Office 365 Connection

If fixing the connection doesn’t work, try removing and re-adding the connection:

Delete the broken Office 365 connection from Power Automate.

Click "Add a new connection" and re-add Office 365.

Authenticate again and test the flow.

Assign a Service Account for the Flow

If the issue persists, instead of using a user’s connection, use a dedicated service account to avoid token expiration.

Steps:

Create a shared service account in Microsoft 365.

Assign this account the required permissions for Power Automate.

Re-add connections using this service account.

Verify Power Automate Run-Only Permissions

Ensure that the correct users have run-only permissions to execute the flow.

If using service accounts, check that the account has proper Office 365 & SharePoint permissions.

I hope it helps you! :)

Fatih

Was this reply helpful? Yes No