Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

luckycharms
Level 2 Contributor

MFA with refresh tokens seems to have expired and is no longer working

Hello,


We had set up our account for the MFA & Secure Model requirements and have been using refresh tokens to manage our users. We have been refreshing and using new refresh tokens daily.

 

We haven't made any changes to our systems and now it is failing with the following error:

{"error":"interaction_required","error_description":"AADSTS50078: Presented multi-factor authentication has expired due to policies configured by your administrator, you must refresh your multi-factor authentication to access 'fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd'.\r\nTrace ID: 89271af4-602a-4090-a441-7b2df3f32a00\r\nCorrelation ID: 590e321b-7df9-41ad-a04e-fe7fc61cb000\r\nTimestamp: 2020-01-20 14:46:51Z","error_codes":[50078],"timestamp":"2020-01-20 14:46:51Z","trace_id":"89271af4-602a-4090-a441-7b2df3f32a00","correlation_id":"590e321b-7df9-41ad-a04e-fe7fc61cb000","suberror":"basic_action"}

It appears as though it has expired, but I'm not sure how that could be the case, as we refresh daily. Could anyone provide insight into this?

 

Thanks!
Corey

3 REPLIES
Andra
Microsoft

Hi @luckycharms ,

 

Thank you for sharing this matter with the community.

I noticed there is a similar thread you might want to check, although this is a slightly different error: https://www.microsoftpartnercommunity.com/t5/Secure-Application-Model/Refresh-token-lifetime-error-AADSTS50076/td-p/8204.

 

If this does not help, do let us know to further advise.

 

Kind regards,

Andra

crodriguez
Level 2 Contributor

We are having the same error: New-PartnerAccessToken : AADSTS50078: Presented multi-factor authentication has expired due to policies configured by your administrator, you must refresh your multi-factor authentication to access

 

This happens to some of our tenants. The other thread that you linked does not seem to provide an answer.

JanoschUlmer
Microsoft

@crodriguez :

Can you please check by turning the "Remember MFA for X days" setting off?

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#how-the-feature-works

"When a refresh token is validated, Azure AD checks that the last two-step verification occurred within the specified number of days."

(Or test the opposite by setting it to a one-day lifetime and check whether your tokens are again invalid after this timeframe; then you can be sure it is this setting.)

 

This feature can actually force interactive MFA to be requested again after the specified number of days, and thus your current tokens will be invalid. It would be great if you could update the thread with the result.

Kind regards, Janosch (Note: Leaving role as of March 2023, don't expect further answers. Connect with me via LinkedIn: https://linkedin.com/in/janoschulmer)
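The refresh loop Corey describes and the check Janosch quotes from the docs, as an added example that is not code from this thread or from the Partner Center PowerShell module (New-PartnerAccessToken). It is written in Python against the standard OAuth 2.0 refresh_token grant of the v2.0 token endpoint, rather than PowerShell, so it runs without the module. The failing response is the body Corey posted; the success body and the tenant, client, secret and scope values are constructed placeholders; and the injectable `post` callable exists only so the flow can be exercised offline.

```python
"""Refresh-token grant against the Microsoft identity platform, with handling
for the interaction_required / AADSTS50078 response from this thread."""
import json
import re
import urllib.error
import urllib.parse
import urllib.request
from datetime import datetime, timedelta
from typing import Callable, Dict, Tuple

# Standard OAuth 2.0 token endpoint of the identity platform (v2.0).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

# AADSTS codes that mean "another refresh cannot fix this; the user must do
# MFA again": 50078 is the code in this thread, 50076 the one in the linked thread.
MFA_REQUIRED_CODES = {50076, 50078}

# Error body exactly as posted in the first message of this thread
# (raw string so the JSON \r\n escapes survive as escapes).
SAMPLE_50078_BODY = (
    r'{"error":"interaction_required","error_description":"AADSTS50078: Presented '
    r"multi-factor authentication has expired due to policies configured by your "
    r"administrator, you must refresh your multi-factor authentication to access "
    r"'fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd'.\r\nTrace ID: 89271af4-602a-4090-a441-7b2df3f32a00"
    r'\r\nCorrelation ID: 590e321b-7df9-41ad-a04e-fe7fc61cb000\r\nTimestamp: 2020-01-20 14:46:51Z",'
    r'"error_codes":[50078],"timestamp":"2020-01-20 14:46:51Z",'
    r'"trace_id":"89271af4-602a-4090-a441-7b2df3f32a00",'
    r'"correlation_id":"590e321b-7df9-41ad-a04e-fe7fc61cb000","suberror":"basic_action"}'
)


class TokenError(Exception):
    """The token endpoint returned an error body; .info holds the parsed fields."""

    def __init__(self, info: Dict[str, object]):
        super().__init__(info.get("message"))
        self.info = info


class InteractiveMfaRequired(TokenError):
    """The cached MFA claim has aged out; only an interactive sign-in helps."""


def parse_token_error(body: str) -> Dict[str, object]:
    """Normalize an AADSTS error body: pull the numeric code out of
    error_description and keep the IDs needed for a support case."""
    data = json.loads(body)
    desc = str(data.get("error_description", ""))
    match = re.match(r"AADSTS(\d+)", desc)
    codes = data.get("error_codes") or []
    return {
        "error": data.get("error"),
        "code": int(match.group(1)) if match else (int(codes[0]) if codes else None),
        "suberror": data.get("suberror"),
        "message": desc.split("\r\n")[0],  # first line, without trace/correlation IDs
        "trace_id": data.get("trace_id"),
        "correlation_id": data.get("correlation_id"),
    }


def requires_interactive_mfa(info: Dict[str, object]) -> bool:
    """interaction_required is never resolved by retrying the refresh; for the
    MFA codes the only remedy is a fresh two-step verification by the user."""
    return info["error"] == "interaction_required" and info["code"] in MFA_REQUIRED_CODES


Transport = Callable[[str, Dict[str, str]], Tuple[int, str]]


def _http_post(url: str, form: Dict[str, str]) -> Tuple[int, str]:
    """Real transport: form-encoded POST returning (status, body), also on 4xx."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode()


def refresh_tokens(tenant: str, client_id: str, client_secret: str, refresh_token: str,
                   scope: str, post: Transport = _http_post) -> Dict[str, object]:
    """Run the refresh_token grant. Returns the token response on success;
    raises InteractiveMfaRequired when the response is an MFA-expiry error."""
    form = {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
        "scope": scope,
    }
    status, body = post(TOKEN_URL.format(tenant=tenant), form)
    if status == 200:
        tokens = json.loads(body)
        # The response carries a new refresh token: persist it and drop the old one.
        # It does NOT carry a new MFA timestamp: rotating daily does not move the
        # "last two-step verification" that "Remember MFA for X days" is checked against.
        return tokens
    info = parse_token_error(body)
    if requires_interactive_mfa(info):
        raise InteractiveMfaRequired(info)
    raise TokenError(info)


def mfa_claim_still_valid(last_interactive_mfa: datetime, remember_days: int, now: datetime) -> bool:
    """Client-side mirror of the check quoted from the docs: on refresh, Azure AD
    verifies the last two-step verification fell within the configured window.
    Record last_interactive_mfa yourself and re-prompt before it lapses."""
    return now - last_interactive_mfa < timedelta(days=remember_days)
```

The point to take from it: a 200 from the refresh grant hands you a new refresh token but does not renew the MFA claim, so daily rotation alone still ends in AADSTS50078 once the "Remember MFA for X days" window has passed. Treat interaction_required as the signal to send the user back through interactive sign-in, and store the timestamp of that sign-in so the client can re-prompt before the window lapses instead of discovering it from a failed refresh.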