AADSTS165000: invalid Request: The request tokens do not match the user context,

Question

AADSTS165000: invalid Request: The request tokens do not match the user context,

AlexJK 6

MAUI. Android app, use Oauth2D to login. Always get the error:

Requestld:50664542-03a0-48dc-b330-acf123cf9f00

Correlationld:27fdf9bd-1dd4-4b3b-a556-34f7c03c17af

Timestamp:2025-04-02T02:58:37Z

Message:AADSTS165000: invalid Request: The request tokens do not match the user

context, Do not copy the user context values (cookies, form fields, headers) betweendifferent requests or user sessions; always maintain the Al of the supplied values across acomplete single user flow. Failure Reasons: Token values do not match:

Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 50,121 Reputation points Microsoft External Staff

2025-04-02T07:04:27.65+00:00

Have you encountered this problem while using Azure? In the Q&A forum, users encountered the same error message and provided their own workaround: Error AADSTS165000 when launching portal.office.com.

You can refer to the following excerpts.

Hopefully this issue has been resolved for you as well but if not the cause was on the Microsoft side and you will need to place a support request through the Entra (Formerly AzureAD) support page.

AlexJK 6

No, clear cookies does not help.

        _pca = PublicClientApplicationBuilder.Create(_clientId)

            .WithAuthority($"https://login.microsoftonline.com/{_tenantId}")

            .WithRedirectUri(_redirectUri)

            .WithParentActivityOrWindow(() => Manifest.MainActivity.Current)

            .Build();

I get the error when call the codes below:

                authResult = await _pca.AcquireTokenInteractive(_scopes)

                .ExecuteAsync();

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

2 answers

Your answer

Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 50,121 Reputation points Microsoft External Staff

2025-04-02T07:04:27.65+00:00

Have you encountered this problem while using Azure? In the Q&A forum, users encountered the same error message and provided their own workaround: Error AADSTS165000 when launching portal.office.com.

You can refer to the following excerpts.

Hopefully this issue has been resolved for you as well but if not the cause was on the Microsoft side and you will need to place a support request through the Entra (Formerly AzureAD) support page.
AlexJK 6 Reputation points

2025-04-02T07:20:05.14+00:00

No, clear cookies does not help.

_pca = PublicClientApplicationBuilder.Create(_clientId) .WithAuthority($"https://login.microsoftonline.com/{_tenantId}") .WithRedirectUri(_redirectUri) .WithParentActivityOrWindow(() => Manifest.MainActivity.Current) .Build();

I get the error when call the codes below:

authResult = await _pca.AcquireTokenInteractive(_scopes) .ExecuteAsync();
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 50,121 Microsoft External Staff

Hello,

The application can run as expected when using pca certification in the following way.


public class AuthService

    {

        private readonly IPublicClientApplication _pca;

        private readonly string[] _scopes = new[] { "User.Read" }; // Change as needed

        private IAccount _userAccount;

 

        public AuthService()

        {

#if ANDROID

            _pca = PublicClientApplicationBuilder.Create("

                .WithAuthority(AzureCloudInstance.AzurePublic, "

                .WithRedirectUri("msauth://com.companyname.mauiapp1/") // Varies by platform

                .WithParentActivityOrWindow(() => Platform.CurrentActivity) // Android platform specific line

                .Build();

#else

            _pca = PublicClientApplicationBuilder.Create("_clientId")

                .WithAuthority(AzureCloudInstance.AzurePublic, "{_tenantId}")

                .WithRedirectUri("msauth://com.companyname.mauiapp1/") // Varies by platform

                .Build();

 

#endif

 

        }

 

        public async Task<AuthenticationResult> LoginAsync()

        {

            try

            {

                _userAccount = (await _pca.GetAccountsAsync()).FirstOrDefault();

                return await _pca.AcquireTokenSilent(_scopes, _userAccount).ExecuteAsync();

            }

            catch (MsalUiRequiredException)

            {

                return await _pca.AcquireTokenInteractive(_scopes).ExecuteAsync();

            }

        }

 

        public async Task LogoutAsync()

        {

            _userAccount = (await _pca.GetAccountsAsync()).FirstOrDefault();

            if (_userAccount != null)

            {

                await _pca.RemoveAsync(_userAccount);

            }

        }

    }

Best Regards,

Alec Liu.

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

AlexJK 6

Still the same error.

Can you please check if there is any setting wrong in azure console? Here is the settings:

{
	"id": "6f9b372e-e068-439a-9525-eb1ef86741e0",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": null,
	"addIns": [],
	"allowPublicClient": true,
	"appId": "08fdffb4-0873-43e8-9c1f-7eaf5d62bb4d",
	"appRoles": [],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2025-03-24T00:25:06Z",
	"description": null,
	"certification": null,
	"disabledByMicrosoftStatus": null,
	"groupMembershipClaims": null,
	"identifierUris": [
		"api://08fdffb4-0873-43e8-9c1f-7eaf5d62bb4d"
	],
	"informationalUrls": {
		"termsOfService": null,
		"support": null,
		"privacy": null,
		"marketing": null
	},
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "ManiFest6",
	"notes": null,
	"oauth2AllowIdTokenImplicitFlow": false,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [],
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
		"countriesBlockedForMinors": [],
		"legalAgeGroupRule": "Allow"
	},
	"passwordCredentials": [],
	"preAuthorizedApplications": [],
	"publisherDomain": "763058531qq.onmicrosoft.com",
	"replyUrlsWithType": [
		{
			"url": "msauth://com.dellinger.manifest6/ga0RGNYHvNM5d0SLGQfpQWAPGJ8%3D",
			"type": "InstalledClient"
		},
		{
			"url": "msauth.com.dellinger.manifest6://auth",
			"type": "InstalledClient"
		}
	],
	"requiredResourceAccess": [
		{
			"resourceAppId": "00000003-0000-0000-c000-000000000000",
			"resourceAccess": [
				{
					"id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
					"type": "Scope"
				},
				{
					"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
					"type": "Scope"
				},
				{
					"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
					"type": "Scope"
				}
			]
		}
	],
	"samlMetadataUrl": null,
	"signInUrl": null,
	"signInAudience": "AzureADMyOrg",
	"tags": [
		"apiConsumer",
		"mobileApp"
	],
	"tokenEncryptionKeyId": null
}

And my code:

private static IPublicClientApplication _pca;
        private static GraphServiceClient graphClient;

        private static string RedirectUri = "msauth.com.dellinger.manifest6://auth";

        private static string[] _scopes = { };
        private static string _clientId = "08fdffb4-0873-43e8-9c1f-7eaf5d62bb4d";
        private static string _tenantId = "0af45798-29c5-48f1-9ccc-cc2a6f6e936d";
        private static string _redirectUri = "msauth://com.dellinger.manifest6/ga0RGNYHvNM5d0SLGQfpQWAPGJ8%3D";

        private readonly static OneDriverHelper _instance = new OneDriverHelper();
        public static OneDriverHelper Instance
        {
            get
            {
                return _instance;
            }
        }

        public OneDriverHelper()
		{
            _pca = PublicClientApplicationBuilder.Create(_clientId)
                .WithAuthority(AzureCloudInstance.AzurePublic, _tenantId)
                .WithRedirectUri(_redirectUri)
                .WithParentActivityOrWindow(() => Platform.CurrentActivity) // Android platform specific line
                .Build();
        }

        public static async Task InitializeGraphClientAsync()
        {
            var token = await GetAccessTokenAsync();
            if (string.IsNullOrEmpty(token)) return;

            var authProvider = new GraphAuthenticationProvider(_pca, new[] { "Files.ReadWrite" });
            graphClient = new GraphServiceClient(authProvider);
        }

        public static async Task<string> GetAccessTokenAsync()
        {
            try
            {
                var accounts = await _pca.GetAccountsAsync();
                AuthenticationResult authResult;

                if (accounts.Any())
                {
                    authResult = await _pca.AcquireTokenSilent(_scopes, accounts.FirstOrDefault()).ExecuteAsync();
                }
                else
                {
                    authResult = await _pca.AcquireTokenInteractive(_scopes)
                    .ExecuteAsync();
                }

                return authResult.AccessToken;
            }
            catch (MsalUiRequiredException)
            {
                return (await _pca.AcquireTokenInteractive(_scopes).ExecuteAsync()).AccessToken;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                return null;
            }
        }

Yonglun Liu (Shanghai Wicresoft Co,.Ltd.) 50,121 Reputation points Microsoft External Staff

2025-04-04T02:33:19.0933333+00:00
For your Oatuh login, have you tried using the Maui official Web authenticator to log in to your Microsoft account?

Web authenticator.
AlexJK 6 Reputation points

2025-04-07T05:02:16.39+00:00

No, same error.

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Share via

AADSTS165000: invalid Request: The request tokens do not match the user context,

2 answers

Your answer