SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation
https://docs.microsoft.com/en-us/sharepoint/dev/
Creative Commons Attribution 4.0 International

Token request failed #9410

Open Alanhlan opened 8 months ago

Alanhlan commented 8 months ago

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

SharePoint CSOM

Developer environment

Windows

What browser(s) / client(s) have you tested

Additional environment details

Describe the bug / error

Many tenants use Microsoft.SharePoint.Client to synchronize SharePoint files with Client Id and Client Secret. However, since December 15th, many of our clients have experienced an error that SharePoint files cannot be synchronized. The error log shows:

Microsoft.IdentityModel.SecurityTokenService.RequestFailedException: Token request failed. ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.IdentityModel.S2S.Protocols.OAuth2.OAuth2WebRequest.GetResponse()
   at Microsoft.IdentityModel.S2S.Protocols.OAuth2.OAuth2S2SClient.Issue(String securityTokenServiceUrl, OAuth2AccessTokenRequest oauth2Request)

I am sure that the Client Secret of these customers has not expired.

Steps to reproduce

Cannot get an access token through the Client Id and Client Secret.

Expected behavior

Can get accessToken

ghost commented 8 months ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

remar27 commented 8 months ago

We've been experiencing the exact same issue since this morning with all provider-hosted type add-ins deployed across multiple tenants. Our use case involves saving refresh tokens to the SQL database, using them to obtain access tokens, and connecting to SharePoint using CSOM to perform tasks when the user is offline. It seems these refresh tokens are no longer valid. When a refresh token is renewed, everything works fine. However, the problem is that all refresh tokens have ceased to function, and each user has to refresh their token within the app. Imagine doing this for thousands of users...

About two months ago, we had similar issues (https://github.com/SharePoint/sp-dev-docs/issues/9279), which were already resolved. At that time, the problem was in all tokens being invalidated when the add-in was added to a new site.

Today we are getting exactly the same errors. The response from the token service:

{"error":"invalid_grant","error_description":"AADSTS70000: Provided grant is invalid or malformed. Trace ID: 8b82d93c-66e4-4b39-8459-446fd4592f00 Correlation ID: e122e937-92bc-42b7-ac7c-a29a02e523a6 Timestamp: 2023-12-18 09:01:38Z","error_codes":[70000],"timestamp":"2023-12-18 09:01:38Z","trace_id":"8b82d93c-66e4-4b39-8459-446fd4592f00","correlation_id":"e122e937-92bc-42b7-ac7c-a29a02e523a6","error_uri":"https://accounts.accesscontrol.windows.net/error?code=70000"}
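One way to triage the token-service response quoted above, as an added example that is not part of the original comment or of any add-in discussed in this thread: it parses the error body, pulls out the trace and correlation IDs for a support case, and decides whether the stored refresh token should be retried or sent back for re-authorization. The function names, the action labels and the retry policy are assumptions made for illustration; the sample body is the one from the comment, shortened.

```python
import hashlib
import json
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the error body quoted in the comment above, shortened.
SAMPLE_BODY = (
    '{"error":"invalid_grant","error_description":"AADSTS70000: Provided grant '
    'is invalid or malformed.","error_codes":[70000],'
    '"timestamp":"2023-12-18 09:01:38Z",'
    '"trace_id":"8b82d93c-66e4-4b39-8459-446fd4592f00",'
    '"correlation_id":"e122e937-92bc-42b7-ac7c-a29a02e523a6"}'
)
AADSTS_RE = re.compile(r"AADSTS\d+")

@dataclass
class TokenFailure:
    error: str
    aadsts_code: Optional[str]
    trace_id: Optional[str]
    correlation_id: Optional[str]
    action: str  # hypothetical labels: "reauthorize", "retry", "investigate"

def token_fingerprint(refresh_token: str) -> str:
    """Short SHA-256 prefix so log lines can be matched to a stored token
    without the token itself ever being written to a log."""
    return hashlib.sha256(refresh_token.encode("utf-8")).hexdigest()[:12]

def classify_token_failure(status: int, body: str) -> TokenFailure:
    try:
        doc = json.loads(body)
    except ValueError:
        doc = {}  # gateway pages and empty bodies are not JSON
    if not isinstance(doc, dict):
        doc = {}
    error = str(doc.get("error", "unknown"))
    match = AADSTS_RE.search(str(doc.get("error_description", "")))
    if status == 400 and error == "invalid_grant":
        # RFC 6749: the grant or refresh token is invalid, expired or revoked.
        # Resending the same token cannot succeed, so stop and re-authorize.
        action = "reauthorize"
    elif status == 429 or status >= 500:
        action = "retry"  # assumed policy: back off, then try again
    else:
        action = "investigate"  # e.g. invalid_client: check app credentials
    return TokenFailure(error, match.group(0) if match else None,
                        doc.get("trace_id"), doc.get("correlation_id"), action)

if __name__ == "__main__":
    print(classify_token_failure(400, SAMPLE_BODY))
```
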

federicodibe commented 6 days ago

Any update?