Authentication errors: possible issues and solutions

During the authentication procedure you may receive the following error: "Unfortunately an error occurred during authentication while performing the action". You can expand Details to find more information about the error and select Try again to see if this fixes the error.

This article describes how to learn more about the error you have received by checking the error code and potential solutions to the issue.

 

In this article

 

Checking the error code

To learn more about the error received you can check its code and get some information and, possibly, a solution. To do this:

1. Expand the Details to show information about the error you've received. Find the error code, for example for the error AADSTS501481 the code will be the numbers after the letters—501484. Copy only these numbers of the error code.

 

 

2. Navigate to https://login.microsoftonline.com/error and paste the copied numbers in Error Code.

 

 

3. Select Submit to see the description of the error.

 

 

TIP   

For some errors, recommendations can be provided under the error description. The remediation can help to solve the issue.

For example, for the AADSTS501481 error the remediation provided is Contact the application owner to correct their use of the PKCE parameters.

 

 

Most common errors and solutions

Below in the table we list the description and remediation (if any provided) of the most common error codes for the Unfortunately an error occurred during authentication while performing the action error.

 

Error code Description
AADSTS501481 The Code_Verifier does not match the code_challenge supplied in the authorization request.
AADSTS160021

Application requested a user session which does not exist.

A possible workaround may be to enable third-party cookies in your browser settings.

AADSTS700003

Device object was not found in the tenant '{tenantName}' directory.

RemediationInvalid grant due to the following reasons:
- Requested SAML 2.0 assertion has invalid Subject Confirmation Method
- Application On-Behalf-Of flow is not supported on V2
- Primary refresh token is not signed with session key
- Invalid external refresh token
- The access grant was obtained for a different tenant

AADSTS90094

<clientAppDisplayName> needs permission to access resources in your organization that only an admin can grant. Admin consent is required for the permissions requested by this application.

Remediation: Ask your tenant administrator to provide consent for this application.

AADSTS50076

Due to a configuration change made by the admin, or because you moved to a new location, the user must use multi-factor authentication to access the resource. Retry with a new authorize request for the resource.

Remediation: User needs to perform multi-factor authentication. There could be multiple things requiring multi-factor, e.g. Conditional Access policies, per-user enforcement, requested by client, among others.

AADSTS65001

The user or administrator has not consented to use the application with ID '{identifier}'{namePhrase}. Send an interactive authorization request for this user and resource.

AADSTS90033 A transient error has occurred. Please try again.

 

More information about error codes can be found in Azure AD authentication & authorization error codes and in Troubleshooting sign-in to apps.

 

 

Was this article helpful?
0 out of 0 found this helpful

Comments

Article is closed for comments.