"AADSTS700003: Device object was not found in the tenant" issue started since the beginning of September


We see a lot of issues (and it's increasing) across many tenants when we're trying to acquire a token via AuthenticationContext.acquireTokenByRefreshToken:

Sep 13 13:55:26 Caused by: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS700003: Device object was not found in the tenant 'xxxx' directory.\r\nTrace ID: 154e5983-63d2-4c61-bcc1-717dc2169400\r\nCorrelation ID: f8666b39-307e-4230-b6e5-64ee68c8e86c\r\nTimestamp: 2020-09-13 13:55:25Z","error":"invalid_grant","error_uri":"https://login.microsoftonline.com/error?code=700003"}
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:128)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:913)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
Sep 13 13:55:26 at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
Sep 13 13:55:26 ... 4 more

And it's increasing across other tenants, and nothing has changed on our side (code or app configuration).

Please advise what a possible solution for this issue could be?

Thanks

1

There is 1 answer

0
sgonzalez (BEST ANSWER)

The AAD service has shipped a security fix to validate that a device that matches the deviceId claim from a token is actually read from directory and is enabled irrespective of device based conditional access policies.

The reason the tokens are rejected is that the presence of the deviceId claim indicates a binding to that device; when this device is not found in the directory, it indicates a revocation action (the device was deleted or disabled), and tokens for that device will no longer be valid.

You can either:
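Added example (not part of the question or the answer above, and not ADAL4J code): a small Python helper that parses the token-endpoint error body shown in the question, pulls out the AADSTS code plus the Trace ID, Correlation ID and Timestamp that Microsoft support asks for, and decides how a client should react. It also shows how to check, for diagnostics only, whether a cached token carries the device-binding claim the answer refers to. The sample error body is the page's own; the JWT is constructed here with a placeholder signature and is never validated, and the claim names checked ("deviceid"/"deviceId") are an assumption about how the binding appears in the payload.

```python
import base64
import json
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the token-endpoint error body from the question, exactly as
# ADAL4J surfaces it in the AuthenticationException message. "\r\n" is a JSON escape
# inside the string, so json.loads() turns it into a real CR LF.
SAMPLE_ERROR_BODY = (
    '{"error_description":"AADSTS700003: Device object was not found in the tenant '
    "'xxxx' directory.\\r\\nTrace ID: 154e5983-63d2-4c61-bcc1-717dc2169400\\r\\n"
    'Correlation ID: f8666b39-307e-4230-b6e5-64ee68c8e86c\\r\\nTimestamp: 2020-09-13 13:55:25Z",'
    '"error":"invalid_grant","error_uri":"https://login.microsoftonline.com/error?code=700003"}'
)

# Codes whose meaning the page establishes: 700003 = device binding no longer valid.
DEVICE_REVOKED_CODES = {"700003"}

AADSTS_RE = re.compile(r"AADSTS(\d+):\s*(.*)")


@dataclass(frozen=True)
class AadTokenError:
    error: str                      # OAuth2 error, e.g. "invalid_grant"
    code: Optional[str]             # digits after "AADSTS", e.g. "700003"
    message: str                    # human-readable text of the first line
    trace_id: Optional[str]
    correlation_id: Optional[str]
    timestamp: Optional[str]


def parse_aad_error(body: str) -> AadTokenError:
    """Split an Azure AD token-endpoint error JSON into its structured parts."""
    data = json.loads(body)
    desc = data.get("error_description", "")
    lines = [ln.strip() for ln in re.split(r"\r?\n", desc) if ln.strip()]
    match = AADSTS_RE.match(lines[0]) if lines else None
    code = match.group(1) if match else None
    message = match.group(2) if match else (lines[0] if lines else "")

    def field(name: str) -> Optional[str]:
        # Trailing lines look like "Trace ID: <value>"; return the value if present.
        for ln in lines[1:]:
            if ln.startswith(name + ":"):
                return ln[len(name) + 1:].strip()
        return None

    return AadTokenError(
        error=data.get("error", ""),
        code=code,
        message=message,
        trace_id=field("Trace ID"),
        correlation_id=field("Correlation ID"),
        timestamp=field("Timestamp"),
    )


def recommended_action(err: AadTokenError) -> str:
    """Map the error to a client-side action. A revoked device binding cannot be fixed
    by retrying the refresh token: drop the cached token and sign the user in again."""
    if err.error == "invalid_grant" and err.code in DEVICE_REVOKED_CODES:
        return "clear_token_cache_and_reauthenticate"
    if err.error == "invalid_grant":
        return "reauthenticate"
    return "log_and_investigate"


def _b64url_decode(segment: str) -> bytes:
    segment += "=" * (-len(segment) % 4)  # restore stripped padding
    return base64.urlsafe_b64decode(segment)


def device_id_claim(jwt: str) -> Optional[str]:
    """Read the device-binding claim from a JWT payload WITHOUT verifying the signature.
    Suitable only for local diagnostics (e.g. "was this cached token device-bound?"),
    never as an authorization decision. Claim names checked are an assumption."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = json.loads(_b64url_decode(parts[1]))
    return payload.get("deviceid") or payload.get("deviceId")


def make_sample_jwt(claims: dict) -> str:
    """Constructed, unsigned sample token for the demonstration (signature is a placeholder)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.SIGNATURE_PLACEHOLDER"


if __name__ == "__main__":
    err = parse_aad_error(SAMPLE_ERROR_BODY)
    print(f"AADSTS{err.code}: {err.message}")
    print(f"trace={err.trace_id} correlation={err.correlation_id} at {err.timestamp}")
    print("action:", recommended_action(err))
    print("device-bound:", device_id_claim(make_sample_jwt({"sub": "u1", "deviceid": "dev-1234"})))
```

In a real client the parsed Trace ID and Correlation ID should go into your own logs keyed by tenant, so a rising count of 700003 per tenant (as the question describes) is visible as a trend rather than individual exceptions, and so the identifiers can be handed to Microsoft support unchanged.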