Offic365 : "Invalid_Grant" response is received every 15days

Question

Every 15 days we are receiving "invalid_grant" response when our application tries to retrieve Contacts/Calendar Events from Office 365. We have verified the settings and password policy is set to default value (90) and application authorization is not revoked from Office 365 account. Adding to this User password is not changed manually.

So any specific reason for this behavior?

Answer 1

I think it is caused by refresh token being invalid or being revoked by Microsoft. The reason could be

1. Your Office 365 account password is changed
2. Refresh token is expired, 14 days for work or school account and 1 year for personal accounts.
3. Changes on Office 365 Apps, https://apps.dev.microsoft.com or your AAD setting, e.g. permission changed, App password changed, etc.

It could be wrong or there might be some other reason. Please correct me if anything is not accurate.

Answer 2

Yes there is a reason. If a user got locked out and had to reset his password or any other invalid tries to login to Azure AD (Which authenticates users against o365) will invalidate the refresh token that your app has. therefore, an application will handle the changed password (old refresh token) gracefully by throwing this error. In this case, you app should redirect the user to the authorization page to authenticate the user.

Hope this helps.