What causes OAuth2AccessTokenTypeNotSupported?

OAuth2 token type not supported. Integration runtime configuration is incorrect or outdated. Authentication credentials or permissions are insufficient. The feature or setting is not supported for the selected connector or copy mode

How do I fix OAuth2AccessTokenTypeNotSupported?

Check the activity run output for the token type value ADF received — this is shown in the error message as the unsupported token_type value returned by the server.. Verify that the OAuth2 authorization server you are connecting to issues Bearer tokens — ADF only supports the 'Bearer' token type in the Authorization header.. If using a custom REST API linked service, check whether the API's authentication server returns a non-standard token type (e.g., 'MAC', 'Digest') — these are not supported and require a different authentication approach in ADF.. Consider switching to a supported authentication method for the connector (API key, basic auth, or managed identity) if the OAuth2 server cannot issue Bearer tokens.. Contact the API provider to confirm their OAuth2 token response format — some providers issue tokens with a non-standard token_type field value that must be reconfigured.

Medium severityauthentication

Power BI Refresh Error:
OAuth2AccessTokenTypeNotSupported

What does this error mean?

The access token type returned by the OAuth2 authorization server is not supported by ADF. The token type must be Bearer.

Common causes

1OAuth2 token type not supported
2Integration runtime configuration is incorrect or outdated
3Authentication credentials or permissions are insufficient
4The feature or setting is not supported for the selected connector or copy mode

How to fix it

1Check the activity run output for the token type value ADF received — this is shown in the error message as the unsupported token_type value returned by the server.
2Verify that the OAuth2 authorization server you are connecting to issues Bearer tokens — ADF only supports the 'Bearer' token type in the Authorization header.
3If using a custom REST API linked service, check whether the API's authentication server returns a non-standard token type (e.g., 'MAC', 'Digest') — these are not supported and require a different authentication approach in ADF.
4Consider switching to a supported authentication method for the connector (API key, basic auth, or managed identity) if the OAuth2 server cannot issue Bearer tokens.
5Contact the API provider to confirm their OAuth2 token response format — some providers issue tokens with a non-standard token_type field value that must be reconfigured.

Frequently asked questions

Who needs to take action to fix an authentication failure in ADF?

Typically the pipeline owner (to re-authorize OAuth or update credentials) or an Azure AD admin (to re-enable a disabled service principal or reset a Conditional Access block). The error message indicates which identity is failing.

Can a Conditional Access policy cause ADF authentication failures?

Yes — Conditional Access policies requiring MFA or blocking non-compliant devices can affect ADF service principals. Check Azure AD sign-in logs for the service principal to identify the blocking policy.

Does ADF support managed identities to avoid credential management?

Yes — ADF supports system-assigned and user-assigned managed identities for many connectors (Azure SQL, Blob Storage, Key Vault, etc.). Managed identities use token-based authentication with no credentials to rotate or expire.

How long does it take for a new service principal secret to take effect in ADF?

After updating the secret in the ADF linked service and saving, the next pipeline run immediately uses the new credential. There is no propagation delay.

Official documentation: https://learn.microsoft.com/en-us/azure/data-factory/connector-troubleshoot-guide