Skip to main content

What it means

The caller presented a bearer token that Passport recognizes as previously issued, but its lifetime has elapsed. Distinct from AUTH_REQUIRED because your refresh_token should still work — you do not need to run a full OAuth consent again.

How to fix

  • Exchange your refresh_token for a new access_token at the Passport token endpoint.
  • Retry the original tool call with the new bearer.
  • If refresh also fails, fall back to the full OAuth consent flow — the connection may have been revoked.

Response envelope

{
  "ok": false,
  "error_envelope": {
    "code": "AUTH_EXPIRED",
    "message": "The access token has expired.",
    "docs_url": "https://tryaeris.ai/docs/mcp/errors/auth-expired",
    "retryable": false,
    "retry_after_ms": null,
    "details": {}
  }
}
details is empty for this code.
  • AUTH_REQUIRED — no valid token was presented at all.
  • CONNECTION_EXPIRED — the Aeris bearer is fine, but a partner OAuth grant behind the tool has lapsed.