support/entra/entra-id/app-integration/error-code-aadsts50000-issuing-token-sign-in-service.md
6 additions & 6 deletions
@@ -7,19 +7,19 @@ ms.author: bachoang
7
7
ms.custom: sap:Issues Signing In to Applications
8
8
---
9
9
10
-
# troubleshooting Azure AD token acquisition errors
10
+
# Error AADSTS50000 with issuing a token or an issue with sign-in service
11
11
12
12
The AADSTS50000 error can occur during the authentication process or token acquisition flow using the token endpoint. Multiple causes can lead to these errors, and this article provides common scenarios and their resolutions.
13
13
14
14
## Symptoms
15
15
16
-
When an user try to sign in to an application that's integrated into Microsoft Entra ID, the user receive the following error message:
16
+
When a user tries to sign in to an application that's integrated into Microsoft Entra ID, the user receives the following error message:
17
17
18
18
> AADSTS50000: There was an error issuing a token or an issue with our sign-in service.
19
19
20
20
## Cause 1: The user password is expired, invalid, or out of sync
21
21
22
-
This issue is common in hybrid environments. The user's federated account password may be out of sync between the on-premises Active Directory and Microsoft Entra ID. Additionally, this can also occur when a user session is being revoked.
22
+
This issue is common in hybrid environments. The user's federated account password may be out of sync between the on-premises Active Directory and Microsoft Entra ID. Additionally, this issue can also occur when a user session is being revoked.
23
23
24
24
### Solution for cause 1
25
25
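Review bot: In the changed Cause 1 paragraph, "Additionally, this issue can also occur" doubles "Additionally" with "also", and "when a user session is being revoked" does not say whether the error appears while the revocation is in progress or on the next sign-in after it. Suggest dropping "Additionally," and stating the timing explicitly. The unchanged intro line still says "these errors" although the article covers the single AADSTS50000 error, which is worth aligning while the heading is being renamed.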
@@ -39,7 +39,7 @@ The error you're referring to occurs during the OAuth2 device authorization gran
39
39
40
40
### Solution 3 for cause 3: verify application consent settings
41
41
42
-
1. Go to the [Azure portal](https//portal.azure.com), make sure that the client application (Service Principal) exists in the tenant's **Enterprise Applications** page. You can seearch for the application by App ID.
42
+
1. Go to the [Azure portal](https//portal.azure.com), make sure that the client application (Service Principal) exists in the tenant's **Enterprise Applications** page. You can search for the application by App ID.
43
43
2. Verify that the user has the ability to consent to the application. Check user settings in the **Enterprise Applications** page or review relevant policies affecting user consent.
44
44
45
45
## Cause 4: Symmetric signing key is used in the application or service principal object
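Review bot: The link target in step 1 is still "https//portal.azure.com", with the colon after "https" missing, so the rendered Azure portal link does not resolve to the portal. This change fixes "seearch" on the same line but leaves the URL as it was; suggest correcting it to "https://portal.azure.com" in the same commit. The step also joins two instructions with a comma ("Go to the ..., make sure that ..."), which reads better as "Go to the Azure portal and make sure that ...".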
@@ -77,9 +77,9 @@ If a signing key is required, use a signing certificate instead. For more inform
77
77
78
78
This error can occur in the following scenario:
79
79
80
-
- You have a multi-tenant resource application registered in tenant A. This application exposes only **Application Permission** type.
80
+
- You have a multitenant resource application registered in tenant A. This application exposes only **Application Permission** type.
81
81
- In a different tenant B, you have a client application registered. In the **API permission** page for this application, you configure the permission for the resource application registered in the other tenant.
82
-
- Then, you use use an OAuth 2 delegated grant flow (for instance auth code grant flow) to request an access token for the resource app using the `/.default` for the web API scope.
82
+
- Then, you use an OAuth 2 delegated grant flow (for instance auth code grant flow) to request an access token for the resource app using the `/.default` for the web API scope.
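Review bot: The last changed bullet writes "OAuth 2 delegated grant flow", while the hunk header context for the Cause 3 section uses "OAuth2"; pick one spelling for the article, preferably "OAuth 2.0". In the same bullet, "using the `/.default` for the web API scope" is hard to parse; something like "using `/.default` as the scope for the web API" says what is being requested. The first bullet's "exposes only **Application Permission** type" is also missing an article ("exposes only the **Application Permission** type").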