What causes AADSTS70019?

User waited too long to enter the device code at microsoft.com/devicelogin (default lifetime is ~15 minutes). Device code flow initiated by a CLI/script, but user only completed the browser step after the code lifetime elapsed. Email/SMS one-time passcode (OTP) for B2B guest sign-in was used after its expiry window. Clock skew between the client device and Entra ID causing the code to be evaluated as expired. Polling client (e.g. Azure CLI, az login, PowerShell Connect-AzAccount) was paused or backgrounded past the code TTL

How do I fix AADSTS70019?

Restart the sign-in flow to generate a new device code or verification code, and complete the browser authentication within ~15 minutes. If using Azure CLI, PowerShell, or a custom OAuth client, re-run the command (e.g. `az login --use-device-code`) and immediately open the verification URL — don't queue it. Verify the client device clock is synced (NTP) — clock drift > a few minutes will invalidate codes early. For B2B guest invitations using OTP, ask the inviter to re-send the invite so a fresh code is issued. If this happens repeatedly in an automated pipeline (ADF, Fabric, Databricks job), switch from device code flow to a service principal with a client secret or certificate — device code flow is not designed for unattended scenarios

High severityauthentication

Power BI Error:
AADSTS70019

What does this error mean?

The OAuth device code or verification code submitted during sign-in has passed its validity window.

Common causes

1User waited too long to enter the device code at microsoft.com/devicelogin (default lifetime is ~15 minutes)
2Device code flow initiated by a CLI/script, but user only completed the browser step after the code lifetime elapsed
3Email/SMS one-time passcode (OTP) for B2B guest sign-in was used after its expiry window
4Clock skew between the client device and Entra ID causing the code to be evaluated as expired
5Polling client (e.g. Azure CLI, az login, PowerShell Connect-AzAccount) was paused or backgrounded past the code TTL

How to fix it

1Restart the sign-in flow to generate a new device code or verification code, and complete the browser authentication within ~15 minutes
2If using Azure CLI, PowerShell, or a custom OAuth client, re-run the command (e.g. `az login --use-device-code`) and immediately open the verification URL — don't queue it
3Verify the client device clock is synced (NTP) — clock drift > a few minutes will invalidate codes early
4For B2B guest invitations using OTP, ask the inviter to re-send the invite so a fresh code is issued
5If this happens repeatedly in an automated pipeline (ADF, Fabric, Databricks job), switch from device code flow to a service principal with a client secret or certificate — device code flow is not designed for unattended scenarios

Frequently asked questions

What does AADSTS70019 mean?

Verification code expired. Have the user retry the sign-in.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes