function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Aristotelis Savas 4Aristotelis Savas 4 

Unable to push to or even list scratch org: "invalid_grant - expired access/refresh token"

I've been unable to push to my scratch org or even list it in gitbash / CLI since yesterday. Looks like my token has expired but after a half day of Googling I can't find a solution for how to fix it when the issue is your gitbash won't connect (all I'm finding is how to fix the code in your APIs getting the similar messages).

I'm able to log in to my scratch org through the browser, but if I try to force:auth:web:login and pop the URL that way, I get an error about localhost. Below is what I'm getting in gitbash:

sfdx force:org:push -u -sfdx-tst
ERROR running force:source:push:  Error authenticating with the refresh token due to: expired access/refresh token

sfdx force:org:display
ERROR running force:org:display:  This org appears to have a problem with its OAuth configuration. Reason: invalid_grant - expired access/refresh token
username: test-ealg1mxwqs9w@example.com,
clientId: PlatformCLI,
loginUrl: https://CS69.salesforce.com,
privateKey: <Not Specified>

Try this:
Verify the OAuth configuration for this org. For JWT:
Ensure the private key is correct and the cert associated with the connected app has not expired.
Ensure the following OAuth scopes are configured [api, refresh_token, offline_access].
Ensure the username is assigned to a profile or perm set associated with the connected app.
Ensure the connected app is configured to pre-authorize admins.
 

AbhishekAbhishek (Salesforce Developers) 
An application may be listed more than once. Each time you grant access to an application, it obtains a new access token. Requests for refresh tokens increase the Use Count displayed for the application. You must grant access to your Salesforce data from each device that you use, for example, from both a laptop and a desktop computer. The default limit is five access tokens for each application. Newer applications (using the OAuth 2.0 protocol) are automatically approved for additional devices after you've granted access once. OAuth 2.0 applications can be listed more than once. Each row in the table represents a unique grant, so if an application requests multiple tokens with different scopes, you’ll see the same application multiple times.

Even if the connected app tried and failed to access your information because it could not log in, the Use Count and Last Used fields are still updated.

For more information with a similar discussion please check the below thread from the stack exchange community which might give you a better understanding.
http://salesforce.stackexchange.com/questions/65590/what-causes-a-connected-apps-refresh-token-to-expire


For further reference, you can check this blog too (https://salesforce.stackexchange.com/questions/10759/invalid-grant-expired-access-refresh-token-error-when-authenticating-access-via).

I hope you find the above information is helpful. If it does, please mark as Best Answer to help others too.

Thanks.
Aristotelis Savas 4Aristotelis Savas 4
The links contain good information, but going through those articles I didn't see a fix for how I reup this certificate gitbash / CLI is using. I can see the two apps I've authorized on this scratch org at one user each so I'm not over count; I've only accessed them from a single laptop.

I'm able to log in to the scratchorg via the browser. For some reason after one week, gitbash / CLI no longer have an active authorization and I don't know how to renew it.

User-added image
AbhishekAbhishek (Salesforce Developers) 
It's a weird Issue.

Please log a case with salesforce support so that they will check their internal logs and assist you.
Aristotelis Savas 4Aristotelis Savas 4

One of the other guys in my org came up with the answer, couldn't find this on Google no matter how hard I tried. Posting here in case anyone finds this article & has the same issue with reauthorizing your token for a scratch org:

 

From within VSCode, hit CTRL + SHIFT + P and select "Authorize an Org," or from gitbash or CLI run sfdx force:auth:web:login -r https://test.salesforce.com and login with your scratch org's creds

Suraj Tripathi 47Suraj Tripathi 47
Hi,
Greetings!

This error occurs when your access token is expired.
So please install the latest version of salesforce CLI.
Then try to re-authorize your org.
It will generate a new access token for your scratch org.
So you can access your scratch org in VS Code as well.

If you find your Solution then mark this as the best answer. 

Thank you!

Regards,
Suraj Tripathi
Geoff DGeoff D
Greetings, I just finished refreshing Sandbox and got the same VS Code error trying to use an existing project.
I followed the above steps but they didn't work, initially, one step was missing. Restarting VS Code
  • CTRL + SHIFT + P
  • Authorize an Org [ENTER]
  • Project Default [ENTER]
  • Org Alias (left it what it was) [ENTER]
  • Click Allow on OAuth screen
  • Tested VS Code, it failed with the same error
  • Fully close VS Code, start it again. Issue resolved.