AADSTS9002313: Invalid request. Request is malformed or invalid.
I am getting the following MsalUiRequiredException when calling PublicClientApplication.acquireTokenSilentAsync(scopes, account, callback) after the access token expires.
Scope: "https://<REMOVED>.onmicrosoft.com/security/access.full"
com.microsoft.identity.client.exception.MsalUiRequiredException: AADSTS9002313: Invalid request. Request is malformed or invalid.
Trace ID: <REMOVED>
Correlation ID: <REMOVED>
Timestamp: 2019-04-02 12:27:11Z
at com.microsoft.identity.client.internal.controllers.LocalMSALController.renewAccessToken(LocalMSALController.java:404)
at com.microsoft.identity.client.internal.controllers.LocalMSALController.acquireTokenSilent(LocalMSALController.java:307)
at com.microsoft.identity.client.internal.controllers.MSALTokenCommand.execute(MSALTokenCommand.java:65)
at com.microsoft.identity.client.internal.controllers.MSALApiDispatcher$2.run(MSALApiDispatcher.java:267)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:764)
The following HTTP Request & Response information was taken from a debug session using breakpoints in the OAuth2Strategy class.
HTTP Request Headers:
{client-request-id=<REMOVED>,
x-client-CPU=arm64-v8a,
Host=login.windows.net,
x-client-Ver=0.1.3,
x-client-DM=ONEPLUS A6013,
x-client-OS=28,
x-client-SKU=MSAL.Android}
Url:
https://login.windows.net/<REMOVED>/%2FoAuth2%2Fv2.0%2Ftoken
Body:
client_id=<REMOVED>&
client_info=1&
grant_type=refresh_token&
redirect_uri=msal<REMOVED>%3A%2F%2Fauth&
refresh_token=<REMOVED>&
scope=https%3A%2F%2F<REMOVED>.onmicrosoft.com%2Fsecurity%2Faccess.full+openid+profile+offline_access
HTTP Response Headers:
{null=[HTTP/1.1 400 Bad Request],
Cache-Control=[no-cache, no-store],
client-request-id=[<REMOVE>],
Connection=[close],
Content-Length=[418],
Content-Type=[application/json; charset=utf-8],
Date=[Tue, 02 Apr 2019 12:27:11 GMT],
Expires=[-1], P3P=[CP="DSP CUR OTPi IND OTRi ONL FIN"],
Pragma=[no-cache],
Set-Cookie=[fpc=<REMOVE>; expires=Thu, 02-May-2019 12:27:11 GMT; path=/; secure; HttpOnly, x-ms-gateway-slice=prod; path=/; secure; HttpOnly, stsservicecookie=ests;
path=/; secure; HttpOnly],
Strict-Transport-Security=[max-age=31536000; includeSubDomains],
X-Android-Received-Millis=[1554208030120],
X-Android-Response-Source=[NETWORK 400],
X-Android-Selected-Protocol=[http/1.1], X-Android-Sent-Millis=[1554208030062], X-Content-Type-Options=[nosniff], x-ms-clitelem=[1,9002313,0,,], x-ms-request-id=[<REMOVE>]}
Body:
{"error":"invalid_grant",
"error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: <REMOVED>\r\nCorrelation ID: <REMOVED>\r\nTimestamp: 2019-04-02 12:27:11Z",
"error_codes":[9002313],
"timestamp":"2019-04-02 12:27:11Z",
"trace_id":"<REMOVED>",
"correlation_id":"<REMOVED>"}
Issue Analytics
- State:
- Created 4 years ago
- Comments:21 (8 by maintainers)
Top GitHub Comments
The problem ended up being a configuration issue. My PublicClientApplication is configured with a DEFAULT B2C authority. I was then using PublicClientApplication.acquireTokenSilentAsync(scopes, account, callback) to refresh the token. The problem (according to @iambmelt) was that the token refresh was being routed to the AAD STS (Secure Token Service), Azure AD’s token issuer, rather than the B2C STS. The fix was to pass in a null for the authority to let the SDK resolve the token endpoint. I used public void acquireTokenSilentAsync(scopes, account, authority, forceRefresh, callback).

Thanks to @iambmelt for doing the research and providing a fix!
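A check for the misrouting described in the comment above, as an added example (not code from the issue or from MSAL): it compares the configured authority with the URL a captured refresh_token request was actually sent to. The /tfp/<tenant>/<policy> authority form, the host alias set and the contoso sample values are assumptions; none of them appear on the page.

```python
from urllib.parse import urlsplit, unquote

# Assumption: both names front the same Azure AD sign-in service.
AAD_HOST_ALIASES = {"login.microsoftonline.com", "login.windows.net"}
TOKEN_SUFFIX = ["oauth2", "v2.0", "token"]

# Constructed sample values (placeholders, not taken from the issue).
SAMPLE_AUTHORITY = "https://login.microsoftonline.com/tfp/contoso.onmicrosoft.com/B2C_1_signin/"
SAMPLE_MISROUTED = "https://login.windows.net/contoso.onmicrosoft.com/%2FoAuth2%2Fv2.0%2Ftoken"
SAMPLE_CORRECT = SAMPLE_AUTHORITY + "oauth2/v2.0/token"


def _host_and_segments(url):
    """Split a URL into a canonical host and decoded, lower-cased path segments."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in AAD_HOST_ALIASES:
        host = "login.microsoftonline.com"
    # The capture in the issue shows %2F-encoded slashes, so decode before splitting.
    segments = [s.lower() for s in unquote(parts.path).split("/") if s]
    return host, segments


def check_refresh_routing(configured_authority, token_request_url):
    """Classify where a refresh request went relative to the configured authority."""
    auth_host, auth_segs = _host_and_segments(configured_authority)
    req_host, req_segs = _host_and_segments(token_request_url)
    if req_segs[-3:] == TOKEN_SUFFIX:
        req_segs = req_segs[:-3]  # keep only the authority part of the path

    authority_is_b2c = "tfp" in auth_segs  # assumed /tfp/<tenant>/<policy> form
    if req_host == auth_host and req_segs == auth_segs:
        return "ok"
    if authority_is_b2c and "tfp" not in req_segs:
        # Policy-scoped authority configured, but the request carries no policy path.
        return "b2c_refresh_sent_to_non_b2c_endpoint"
    return "authority_mismatch"


if __name__ == "__main__":
    for url in (SAMPLE_MISROUTED, SAMPLE_CORRECT):
        print(url, "->", check_refresh_routing(SAMPLE_AUTHORITY, url))
```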
Hello, we are also seeing a case where we receive this error. Is there any chance we can get insights from the Microsoft/Azure side on what’s causing it? Here are the details:
Thank you!