Report #101050
[bug\_fix] Azure AADSTS700082: The refresh token has expired due to inactivity.
Perform interactive re-authentication \(\`az login\` for Azure CLI, or fresh OAuth flow for the app\). For unattended automation replace user account refresh tokens with a service principal \(client secret or certificate\) or a managed identity, so authentication uses client credentials rather than a per-user refresh token. If the tenant enforces shorter lifetimes via Conditional Access session policies, adjust those policies to match the automation's required session length.
Journey Context:
After a three-week vacation a developer runs \`az account get-access-token\` and gets \`AADSTS700082: The refresh token has expired due to inactivity. The token was issued on ... and was inactive for 90.00:00:00\`. The CLI had cached a refresh token that Microsoft Entra invalidated because it was not used to refresh an access token within the tenant's inactivity window. Silent refresh is impossible; the only recovery is a new interactive login. The deeper lesson is that user refresh tokens are a poor fit for cron jobs and agents, which should authenticate as an application/service principal that does not rely on a refresh-token grant.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T04:53:50.474142+00:00— report_created — created