AADSTS9002313: Invalid request. Request is malformed or invalid.


I am getting the following MsalUiRequiredException when calling PublicClientApplication.acquireTokenSilentAsync(scopes, account, callback) after the access token expires.

Scope: "https://<REMOVED>.onmicrosoft.com/security/access.full"

com.microsoft.identity.client.exception.MsalUiRequiredException: AADSTS9002313: Invalid request. Request is malformed or invalid.
Trace ID: <REMOVED>
Correlation ID: <REMOVED>
Timestamp: 2019-04-02 12:27:11Z
    at com.microsoft.identity.client.internal.controllers.LocalMSALController.renewAccessToken(LocalMSALController.java:404)
    at com.microsoft.identity.client.internal.controllers.LocalMSALController.acquireTokenSilent(LocalMSALController.java:307)
    at com.microsoft.identity.client.internal.controllers.MSALTokenCommand.execute(MSALTokenCommand.java:65)
    at com.microsoft.identity.client.internal.controllers.MSALApiDispatcher$2.run(MSALApiDispatcher.java:267)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    at java.lang.Thread.run(Thread.java:764)

The following HTTP Request & Response information was taken from a debug session using breakpoints in the OAuth2Strategy class.

HTTP Request Headers:

{client-request-id=<REMOVED>, 
x-client-CPU=arm64-v8a, 
Host=login.windows.net, 
x-client-Ver=0.1.3, 
x-client-DM=ONEPLUS A6013, 
x-client-OS=28, 
x-client-SKU=MSAL.Android}

Url: https://login.windows.net/<REMOVED>/%2FoAuth2%2Fv2.0%2Ftoken

Body:

client_id=<REMOVED>&
client_info=1&
grant_type=refresh_token&
redirect_uri=msal<REMOVED>%3A%2F%2Fauth&
refresh_token=<REMOVED>&
scope=https%3A%2F%2F<REMOVED>.onmicrosoft.com%2Fsecurity%2Faccess.full+openid+profile+offline_access

HTTP Response Headers:

{null=[HTTP/1.1 400 Bad Request], 
Cache-Control=[no-cache, no-store], 
client-request-id=[<REMOVE>], 
Connection=[close], 
Content-Length=[418], 
Content-Type=[application/json; charset=utf-8], 
Date=[Tue, 02 Apr 2019 12:27:11 GMT], 
Expires=[-1],
P3P=[CP="DSP CUR OTPi IND OTRi ONL FIN"],
Pragma=[no-cache],
Set-Cookie=[fpc=<REMOVE>; expires=Thu, 02-May-2019 12:27:11 GMT; path=/; secure; HttpOnly, x-ms-gateway-slice=prod; path=/; secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly],
Strict-Transport-Security=[max-age=31536000; includeSubDomains],
X-Android-Received-Millis=[1554208030120],
X-Android-Response-Source=[NETWORK 400],
X-Android-Selected-Protocol=[http/1.1],
X-Android-Sent-Millis=[1554208030062],
X-Content-Type-Options=[nosniff],
x-ms-clitelem=[1,9002313,0,,],
x-ms-request-id=[<REMOVE>]}

Body:

{"error":"invalid_grant",
"error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: <REMOVED>\r\nCorrelation ID: <REMOVED>\r\nTimestamp: 2019-04-02 12:27:11Z",
"error_codes":[9002313],
"timestamp":"2019-04-02 12:27:11Z",
"trace_id":"<REMOVED>",
"correlation_id":"<REMOVED>"}

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 21 (8 by maintainers)

Top GitHub Comments

3 reactions
rbiresch commented, Apr 9, 2019

The problem ended up being a configuration issue. My PublicClientApplication is configured with a DEFAULT B2C authority. I was then using PublicClientApplication.acquireTokenSilentAsync(scopes, account, callback) to refresh the token. The problem (according to @iambmelt) was that the token refresh was being routed to the AAD STS (Secure Token Service), Azure AD’s token issuer, rather than the B2C STS. The fix was to pass in a null for the authority to let the SDK resolve the token endpoint. I used public void acquireTokenSilentAsync(scopes, account, authority, forceRefresh, callback).

Thanks to @iambmelt for doing the research and providing a fix!
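The mismatch described in the comment above can be checked from a captured token request. This is an added example, not code from the issue or from MSAL; the function names, the `contoso` tenant, the `B2C_1_signin` policy and the B2C URL markers (`*.b2clogin.com` host, leading `tfp`/`te` path segment, `B2C_1...` policy segment, `p=` query parameter) are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit, unquote, parse_qs

# Assumption: hosts of the shared Azure AD token service.
AAD_HOSTS = {"login.windows.net", "login.microsoftonline.com"}

def sts_kind(url):
    """Classify an authority or token URL as 'b2c', 'aad' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Decode first: the captured request carries its path slashes as %2F.
    segments = [s.lower() for s in unquote(parts.path).split("/") if s]
    b2c = (
        host.endswith(".b2clogin.com")                   # assumed B2C host form
        or segments[:1] in (["tfp"], ["te"])             # assumed B2C path prefix
        or any(s.startswith("b2c_1") for s in segments)  # assumed policy segment
        or "p" in parse_qs(parts.query)                  # assumed policy parameter
    )
    if b2c:
        return "b2c"
    return "aad" if host in AAD_HOSTS else "unknown"

def triage_refresh_failure(configured_authority, token_url, response_body):
    """Summarise a failed refresh and flag a B2C authority served by the AAD STS."""
    err = json.loads(response_body)
    configured, routed = sts_kind(configured_authority), sts_kind(token_url)
    return {
        "error": err.get("error"),
        "error_codes": err.get("error_codes", []),
        "correlation_id": err.get("correlation_id"),
        "configured": configured,
        "routed": routed,
        "misrouted": configured == "b2c" and routed == "aad",
    }

# Constructed sample shaped like the capture in the issue; tenant, policy and
# correlation ID are placeholders, not values from the page.
SAMPLE_AUTHORITY = "https://login.microsoftonline.com/tfp/contoso.onmicrosoft.com/B2C_1_signin"
SAMPLE_TOKEN_URL = "https://login.windows.net/contoso.onmicrosoft.com/%2FoAuth2%2Fv2.0%2Ftoken"
SAMPLE_BODY = json.dumps({
    "error": "invalid_grant",
    "error_codes": [9002313],
    "correlation_id": "00000000-0000-0000-0000-000000000000",
})

if __name__ == "__main__":
    print(triage_refresh_failure(SAMPLE_AUTHORITY, SAMPLE_TOKEN_URL, SAMPLE_BODY))
```
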

1 reaction
dominicj-nylas commented, Feb 2, 2021

Hello, we are also seeing a case where we receive this error. Is there any chance we can get insights from the Microsoft/Azure side on what’s causing it? Here are the details:

AADSTS9002313: Invalid request. Request is malformed or invalid.
Trace ID: 1f2ed837-cba0-47d6-8bc6-f3477fb24700
Correlation ID: 205276f8-9ece-4083-b79d-4235d7ff7bf8
Timestamp: 2021-02-02 15:27:32Z

Thank you!
