What causes AADSTS70018?

User mistyped the user_code shown by the CLI/headless client on https://microsoft.com/devicelogin. The user_code expired before the user completed sign-in (default lifetime ~15 minutes). User pasted/entered an old code from a previous device code request instead of the latest one. Headless tooling (Power BI Gateway setup, az login --use-device-code, Databricks CLI, Fabric CLI) re-issued a new code while the user was still entering the previous one. Conditional Access or MFA prompt was cancelled mid-flow, leaving authorization not approved

How do I fix AADSTS70018?

Restart the device code flow in your tool (e.g. `az login --use-device-code`, Power BI on-prem gateway sign-in, Databricks CLI auth) to get a fresh user_code. Open https://microsoft.com/devicelogin in a browser and type the code exactly as shown — codes are case-sensitive and must be entered within ~15 minutes. Complete the full sign-in including any MFA / Conditional Access prompts; do not close the tab until you see 'You have signed in'. If you keep mistyping, copy the code from the terminal instead of reading it; for scripted scenarios switch to a non-interactive flow (client credentials or managed identity) so no user_code is needed. If the error persists for a service/automation account, verify the app registration has 'Allow public client flows' enabled in Entra ID → App registrations → Authentication

High severityauthentication

Power BI Error:
AADSTS70018

What does this error mean?

The user code entered at microsoft.com/devicelogin is invalid, mistyped, or already expired before approval.

Common causes

1User mistyped the user_code shown by the CLI/headless client on https://microsoft.com/devicelogin
2The user_code expired before the user completed sign-in (default lifetime ~15 minutes)
3User pasted/entered an old code from a previous device code request instead of the latest one
4Headless tooling (Power BI Gateway setup, az login --use-device-code, Databricks CLI, Fabric CLI) re-issued a new code while the user was still entering the previous one
5Conditional Access or MFA prompt was cancelled mid-flow, leaving authorization not approved

How to fix it

1Restart the device code flow in your tool (e.g. `az login --use-device-code`, Power BI on-prem gateway sign-in, Databricks CLI auth) to get a fresh user_code
2Open https://microsoft.com/devicelogin in a browser and type the code exactly as shown — codes are case-sensitive and must be entered within ~15 minutes
3Complete the full sign-in including any MFA / Conditional Access prompts; do not close the tab until you see 'You have signed in'
4If you keep mistyping, copy the code from the terminal instead of reading it; for scripted scenarios switch to a non-interactive flow (client credentials or managed identity) so no user_code is needed
5If the error persists for a service/automation account, verify the app registration has 'Allow public client flows' enabled in Entra ID → App registrations → Authentication

Frequently asked questions

What does AADSTS70018 mean?

Invalid verification code due to User typing in wrong user code for device code flow. Authorization isn't approved.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes