Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Microsoft Graph API intermittent error "Token not found: token is either invalid or expired" resolves itself after retry

Tags:

azure-active-directory

microsoft-graph-api

I am making requests to the Microsoft Graph REST api (beta), specifically to the sign-in event endpoint: https://graph.microsoft.com/beta/auditLogs/signIns

I am making batch requests that retrieve sign-ins for a particular user in batches of 1000. Starting around the 25th of september, these requests would fail after roughly 10-50 batches, with the following response, with a 400 (Invalid Request) HTTP error code:

"error": {
  "code": "",
  "message": "Token not found: token is either invalid or expired",
  "innerError": {
    "request-id": "[request-id-redacted]",
    "date": "2019-09-30T22:27:36"
  }
}

However, if I retry the requests after waiting ~1s, with the very same JWT web token, the requests succeed and I'm able to complete all the batch requests for the job I'm running. The access token I receive when initially authenticating expires in 1 hour, but this error crops up ~1-15 minutes after I receive the token (I've confirmed the unix timestamp expiry date I get w/ the token).

I'm wondering what could be the cause of this error, and how I could avoid it, other than hard-coding the specific response message and retrying. I was unable to find any matches on google for the error message, either. Has anyone seen this error before from the Microsoft Graph API?

like image 793
GoogieK Avatar asked Oct 01 '19 00:10

GoogieK

People also ask

How long are Graph API tokens valid for?

Refreshed tokens are valid for 60 days from the date at which they are refreshed. Tokens that have not been refreshed in 60 days will expire and can no longer be refreshed.

1 Answers

"I was unable to find any matches on google for the error message, either. Has anyone seen this error before from the Microsoft Graph API?"

Yes. I'm querying the https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails MS Graph endpoint, and I'm seeing exactly the same thing you are. Intermittent responses with status code 400 and this error message: "Token not found: token is either invalid or expired", only a minute after requesting an access token.

I'm using the @odata.nextLink value to page through the results, however it's proven to be very unreliable due to this issue. Sometimes I will get the entire set of results, other times I will only get a portion of it. Even when I sleep for 5 seconds between each nextLink request, the error still appears.

This started happening for me this week. Before I was getting consistent results.

Your approach to perform a retry might be the best one for now:

if response.status_code == 400:
  retry_request()
like image 110
Miguel Alex Cantu Avatar answered Oct 30 '22 03:10

Miguel Alex Cantu
Sign in to Comment

Related questions

What is "aio" in Azure JWT token? [duplicate]
Using multiple authentication providers in C# .net core
Access Azure Graph API on behalf of application rather than user
Automate creation of Azure AD B2C Tenants
Re-challenge authenticated users in ASP.NET Core
Empty GUID error when using Azure AD consent flow
Requests to Microsoft Store APIs always return empty lists of products / subscriptions
Azure DevOps Hosted Build Agent MSI
Static website in Azure Blob Storage: How to enable Azure AD Authentication?
Use react-native-firebase/auth OAuth provider to auth Azure AD credential
AzureAD SCIM integration not sending DELETE requests
Microsoft Graph filter for onPremisesExtensionAttributes
How to get current user roles with ADAL JS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!