Exact Online error: "Token is not allowed, because of invalid or empty chainId"


When retrieving an OAuth Access Token on Exact Online via https://start.exactonline.TLD/api/oauth2/token, an HTTP 400 (Bad Request) has occurred occasionally since May 2021 with the message:

{ "error":"invalid_grant"
, "error_description":"Token is not allowed, because of invalid or empty chainId" 
}

This issue occurred once in May 2021 with a developer with their own Exact Online client ID on Invantive Query Tool 20.0.

Since July, it has so far occurred only on July 21 when using the Implicit Grant Flow on Currency Tools. On July 23 and 27 this error occurred with the Invantive Query Tool in version 20.0, using a refresh token.

“invalid or empty chainId” using Code Grant Flow

The likely cause of the message “Token is not allowed, because of invalid or empty chainId” is the use of the Code Grant Flow with an incorrect previous refresh token, for example when using the Invantive Query Tool. If Exact Online Support has not allowed the use of “old refresh tokens” for the app, all refresh tokens must form an unbroken chain on Exact Online.

The message is related to Itgenoda061: Massale "Token expired" errors op Exact Online sinds 24 juli (Dutch), but the error message is different from the expected error message:

Old refresh token used.

A similar problem is Itgenoda219 op Exact Online: Error "Old refresh token used." bij verbinden (Dutch).

This is probably a poorly worded error message from the Exact Online code, where the following message should actually have been given:

Old refresh token used

Presumably this message occurs when a refresh token is used that is already older, after a series of new refresh token values has already been passed.
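A sketch of keeping the refresh token chain unbroken on the client side, added here as an example and not code from Invantive or Exact Online: a single owner stores the newest refresh token atomically, and the error response quoted above is recognized as a broken chain that needs re-authorization rather than a retry. FakeTokenEndpoint is a constructed stand-in that assumes the endpoint accepts only the newest refresh token; all class and function names are hypothetical.

```python
import json, os, tempfile, threading

CHAIN_MARKERS = ("invalid or empty chainId", "Old refresh token used")  # texts quoted on this page

class ChainBroken(Exception):
    """Refresh token chain is broken: retrying cannot help, re-authorize instead."""

def is_chain_error(status, body):
    desc = body.get("error_description", "")
    return status == 400 and body.get("error") == "invalid_grant" and any(m in desc for m in CHAIN_MARKERS)

class FakeTokenEndpoint:
    """Constructed stand-in: accepts only the newest refresh token and rotates it."""
    def __init__(self):
        self.n, self.current = 1, "rt-1"
    def refresh(self, refresh_token):
        if refresh_token != self.current:  # an older link of the chain
            return 400, {"error": "invalid_grant", "error_description":
                         "Token is not allowed, because of invalid or empty chainId"}
        self.n += 1
        self.current = f"rt-{self.n}"
        return 200, {"access_token": f"at-{self.n}", "refresh_token": self.current}

class TokenStore:
    """Single owner of the refresh token: one refresh at a time, saved atomically."""
    def __init__(self, path, initial):
        self.path, self.lock = path, threading.Lock()
        self._save(initial)
    def _save(self, token):
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")  # mode 0600 on POSIX
        with os.fdopen(fd, "w") as f:
            json.dump({"refresh_token": token}, f)
        os.replace(tmp, self.path)  # atomic swap: never a half-written token
    def load(self):
        with open(self.path) as f:
            return json.load(f)["refresh_token"]
    def refresh(self, endpoint):
        with self.lock:
            status, body = endpoint.refresh(self.load())
            if status == 200:
                self._save(body["refresh_token"])  # persist before the access token is used
                return body["access_token"]
            raise ChainBroken(body) if is_chain_error(status, body) else RuntimeError(body)

def demo():
    endpoint = FakeTokenEndpoint()
    store = TokenStore(os.path.join(tempfile.mkdtemp(), "token.json"), "rt-1")
    first, second = store.refresh(endpoint), store.refresh(endpoint)
    stale_status, stale_body = endpoint.refresh("rt-1")  # a copy that missed the rotations
    return first, second, store.load(), is_chain_error(stale_status, stale_body)
```

In this sketch any second copy of the refresh token (another machine, a backup, a parallel process) breaks the chain as soon as one copy is refreshed, which is why the store is the only component allowed to call the token endpoint.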

The advice is to switch to the Implicit Grant Flow for the time being, as described:

As described in "Exact Online error message: Old refresh token used", a future version will allow the use of the Code Grant Flow within logical limits. However, the Exact Online Code Grant Flow must first be bug-free for this to happen.

Invantive Cloud can also suffer from the Exact Online bugs. It is possible to configure an automatic recovery, see Auto-recovery of Exact Online refresh tokens for data containers.

Other related articles about the quick expiration of refresh tokens and a maximum of one combination of user and client ID are: