Report #102999
[bug\_fix] Azure CLI AADSTS700082: The refresh token has expired due to inactivity
Re-authenticate with \`az login\` to obtain a new refresh token. For non-interactive or infrequently run automation, replace user-based CLI authentication with a service principal \(AZURE\_CLIENT\_ID, AZURE\_CLIENT\_SECRET, AZURE\_TENANT\_ID\) or a managed identity, so the workflow no longer depends on a user refresh token that expires after 90 days of inactivity.
Journey Context:
A quarterly Azure DevOps pipeline that ran \`az storage blob upload\` started failing with AADSTS700082: 'The refresh token has expired due to inactivity. The token was issued on ... and was inactive for 90.00:00:00.' The agent had been authenticated via \`az login\` with a user account years ago and the pipeline ran only once per quarter. Because refresh tokens expire after 90 days of inactivity, the token was invalid by the next run. Re-running \`az account get-access-token\` returned the same error. The team first tried storing the access token, but access tokens are short-lived. Re-running \`az login\` fixed the immediate run, and the long-term fix was switching the pipeline to a service principal so the authentication path does not rely on a user refresh-token lifecycle.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-10T04:50:48.764974+00:00— report_created — created