Access token has expired or is not yet valid error for MS graph
Issue
Facing error "Access token has expired or is not yet valid" error for MS graph when using the Authorization Code grant type.
Cause
With the Authorization Code grant, tokens are account based.
But with client credentials grant, token are Azure AD application (client) based.
Solution
Based on the cause of the issue, switching to the Client Credentials grant should avoid this token expiry issue.
Above being said, and as a general rule for KIC, the access token life time is 59 minutes.
In KIC, access tokens get refreshed every half an hour.
So the Access token expired error, will be seen when the KC Plug-In service is stopped for more than 1 hour.
The life time of Refresh token is 90 days.
So, ensure that the KC Plug-In service is not stopped for more than 90 days.
Some extra reading material that also points to the default scope URL for Client Credentials being:
Get access without a user - Microsoft Graph | Microsoft Docs
This is the main documentation we have:
Level of Complexity
Moderate
Applies to
| Product | Version | Build | Environment | Hardware |
|---|---|---|---|---|
| Kofax Import Connector | All | N/A | N/A | N/A |
Article # 3035032