What causes OAUTH_TOKEN_EXPIRED?

The OAuth access token TTL elapsed and the application did not implement token refresh logic. The refresh token also expired (typically after 90 days of inactivity), requiring full re-authorization. The Snowflake OAuth integration was recreated, invalidating all previously issued tokens. Clock skew between the application server and Snowflake caused premature token expiry detection

How do I fix OAUTH_TOKEN_EXPIRED?

Step 1: Identify whether the access token or the refresh token expired — check the error detail in the Snowflake query history.. Step 2: For expired access tokens, use the refresh token to obtain a new access token via the OAuth token endpoint.. Step 3: If the refresh token also expired, re-run the OAuth authorization flow to obtain a new token pair.. Step 4: Implement automatic token refresh in your application before the access token expiry time.. Step 5: Review the Snowflake OAuth integration parameters (OAUTH_ACCESS_TOKEN_VALIDITY, OAUTH_REFRESH_TOKEN_VALIDITY) and extend if needed.

High severityauthentication

Power BI Refresh Error:
OAUTH_TOKEN_EXPIRED

What does this error mean?

An OAuth access token used to authenticate a Snowflake connection has expired, causing the client application or partner integration to be rejected until a new token is obtained.

Common causes

1The OAuth access token TTL elapsed and the application did not implement token refresh logic
2The refresh token also expired (typically after 90 days of inactivity), requiring full re-authorization
3The Snowflake OAuth integration was recreated, invalidating all previously issued tokens
4Clock skew between the application server and Snowflake caused premature token expiry detection

How to fix it

1Step 1: Identify whether the access token or the refresh token expired — check the error detail in the Snowflake query history.
2Step 2: For expired access tokens, use the refresh token to obtain a new access token via the OAuth token endpoint.
3Step 3: If the refresh token also expired, re-run the OAuth authorization flow to obtain a new token pair.
4Step 4: Implement automatic token refresh in your application before the access token expiry time.
5Step 5: Review the Snowflake OAuth integration parameters (OAUTH_ACCESS_TOKEN_VALIDITY, OAUTH_REFRESH_TOKEN_VALIDITY) and extend if needed.

Frequently asked questions

What is the default access token lifetime for Snowflake OAuth?

The default OAuth access token lifetime is 600 seconds (10 minutes). You can increase it up to 7776000 seconds (90 days) using the OAUTH_ACCESS_TOKEN_VALIDITY parameter on the integration.

How do I check the expiry settings for my Snowflake OAuth integration?

Run DESC SECURITY INTEGRATION <name> and look for OAUTH_ACCESS_TOKEN_VALIDITY and OAUTH_REFRESH_TOKEN_VALIDITY in the output.