CompactToken validation failed 80049228

Question

Some users are getting this error back when trying to sign in using Microsoft Sign In in order to access mail via MS Graph. I've had both corporate users and personal (Hotmail.com) users both showing this error number but it works fine for most users.

This is the call:

https://login.microsoftonline.com/common/oauth2/v2.0/token

This is the error returned:

Code: InvalidAuthenticationToken
Message: CompactToken validation failed with reason code: 80049228

Any pointers? Where can I find a reference to this error number?

Answer 1

This means the token expired and it need to be refreshed. If you want to refresh it without user interaction you'll need a refresh_token which is returned when you obtain a token initially.

Here is how you can refresh it:

function refreshTokenIfNeeded(tokenObj){
    let accessToken = oauth2.accessToken.create(tokenObj);

    const EXPIRATION_WINDOW_IN_SECONDS = 300;

    const { token } = accessToken;
    const expirationTimeInSeconds = token.expires_at.getTime() / 1000;
    const expirationWindowStart = expirationTimeInSeconds - EXPIRATION_WINDOW_IN_SECONDS;

    const nowInSeconds = (new Date()).getTime() / 1000;
    const shouldRefresh = nowInSeconds >= expirationWindowStart;


    let promise = Promise.resolve(accessToken)
    if (shouldRefresh) {
        console.log("outlook365: token expired, refreshing...")
        promise = accessToken.refresh()
    }
    return promise
}

Where tokenObj is the token object you store in your database. Make sure it also has expires_at or otherwise oauth2.accessToken.create() will create it and calculate from the current moment in time.

More details can be found in this tutorial and in this github repo (this is where the code above was taken from)