
We see a lot of issues (and it's increasing) across many tenants when we're trying to acquire a token with AuthenticationContext.acquireTokenByRefreshToken:

```
Sep 13 13:55:26 Caused by: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS700003: Device object was not found in the tenant 'xxxx' directory.\r\nTrace ID: 154e5983-63d2-4c61-bcc1-717dc2169400\r\nCorrelation ID: f8666b39-307e-4230-b6e5-64ee68c8e86c\r\nTimestamp: 2020-09-13 13:55:25Z","error":"invalid_grant","error_uri":"https://login.microsoftonline.com/error?code=700003"}
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:128)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:913)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
Sep 13 13:55:26 ... 4 more
```

And it's increasing across other tenants, with no change on our side (code or app configuration).

Please advise what a possible solution for this issue could be?

Thanks

SlavaG
  • It seems that the error is not about azure authentication, see the [authorization error codes](https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes). Could you tell us more details about your issue? There are some [code examples](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Acquiring-Tokens) about acquiring token using java. – unknown Sep 14 '20 at 01:30
  • @PamelaPeng Thanks for the examples. Actually, we know how to acquire a token; it's not new for us, it was working for years in our product, but starting at the beginning of September (I would say Sep 5, 2020) we started to see this issue on our customers. At the beginning it was only a few, but recently it was already hundreds. We didn't change anything in our code, and we checked with some customers; they didn't change anything with the app registration or anything else. Thanks – SlavaG Sep 14 '20 at 05:29
  • @SlavaG Were you able to get this resolved? We just started seeing the same error as of Sep 10 2020. – sgeddes Sep 14 '20 at 19:46
  • @sgeddes Not at all. We have no idea what to do , as it started without us doing anything. – SlavaG Sep 14 '20 at 19:55
  • Happened to me too now. No idea why. – Meo Oct 05 '22 at 08:04

1 Answer


The AAD service has shipped a security fix to validate that a device matching the deviceId claim in a token can actually be read from the directory and is enabled, irrespective of device-based conditional access policies.

The reason the tokens are rejected is that the presence of the deviceId claim indicates a binding to that device; when that device is not found in the directory, it indicates a revocation action (the device was deleted or disabled), and tokens for that device will no longer be valid.

You can either:

sgonzalez
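Since the answer says the refresh token is rejected because its device binding was revoked, the right client-side reaction is to stop replaying that refresh token and send the user back through sign-in, not to retry. The following is an added example (not from the question, the answer, or adal4j) showing that handling in Python: it parses the error body shown in the question, pulls out the AADSTS code plus the Trace/Correlation IDs you would quote to support, and maps the OAuth2 `error` value to an action. The `token_cache` dict, the `user` key and the sample body are constructed for the example.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional
# Constructed sample: the JSON body adal4j placed in the AuthenticationException
# message quoted in the question (IDs copied from that log line).
SAMPLE_ERROR_BODY = (
    '{"error_description":"AADSTS700003: Device object was not found in the '
    "tenant 'xxxx' directory.\\r\\nTrace ID: 154e5983-63d2-4c61-bcc1-717dc2169400"
    '\\r\\nCorrelation ID: f8666b39-307e-4230-b6e5-64ee68c8e86c\\r\\nTimestamp: '
    '2020-09-13 13:55:25Z","error":"invalid_grant",'
    '"error_uri":"https://login.microsoftonline.com/error?code=700003"}'
)

AADSTS_RE = re.compile(r"AADSTS(\d+)")
FIELD_RE = re.compile(r"^(Trace ID|Correlation ID|Timestamp):\s*(.+?)\s*$", re.M)

# Standard OAuth2 error values: invalid_grant (carrying AADSTS700003 here) means
# the refresh token itself is dead, so only transient server errors merit a retry.
REAUTH_ERRORS = {"invalid_grant", "interaction_required"}
RETRY_ERRORS = {"temporarily_unavailable", "server_error"}

@dataclass
class TokenError:
    error: str
    aadsts_code: Optional[str]
    message: str             # first line of error_description, safe to log
    trace_id: Optional[str]  # quote trace/correlation IDs in a support case
    correlation_id: Optional[str]
    action: str              # "reauthenticate", "retry" or "fail"

def classify(error: str) -> str:
    if error in REAUTH_ERRORS:
        return "reauthenticate"
    return "retry" if error in RETRY_ERRORS else "fail"

def parse_aad_error(body: str) -> TokenError:
    data = json.loads(body)
    desc, error = data.get("error_description", ""), data.get("error", "")
    code = AADSTS_RE.search(desc)
    fields = dict(FIELD_RE.findall(desc))  # handles the \r\n-separated lines
    return TokenError(error, code.group(1) if code else None,
                      desc.splitlines()[0] if desc else "", fields.get("Trace ID"),
                      fields.get("Correlation ID"), classify(error))

def handle_refresh_failure(body: str, token_cache: dict, user: str) -> str:
    # Drop a dead refresh token so the app stops replaying it against AAD.
    err = parse_aad_error(body)
    if err.action == "reauthenticate":
        token_cache.pop(user, None)
    return err.action
```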