"Token Expired" error message when returning from a supplier's PunchOut catalog
I receive a Token Expired error message when returning from a supplier's PunchOut catalog.
Multiple scenarios can cause this error:
- The buyer is using the deprecated s1-2 Front Door to access Ariba.
- The session's BuyerCookie value from the PunchOut Setup Request (POSR) is not maintained or is different in the PunchOut Order Message (POOM) returned by the supplier.
- The supplier uses cross-site cookies, which the latest versions of the Chrome and Edge browsers restrict.
- The Chromium project changed how cookies are handled in the winter of 2020. Details on this change can be found in KBA 186196. Users on a Chrome version prior to 90 could disable SameSite cookies to avoid being impacted; however, as of version 90, SameSite cookies can no longer be disabled.
Depending on which scenario above applies to your situation, one of the following actions may need to take place:
- The s1-2 Front Door has been deprecated. Customers must use the s1 Front Door. The following KBA has additional details: KB0844458
- The supplier must ensure that the BuyerCookie they send in the POOM matches the one they receive in the POSR sent by Ariba (see BuyerCookie Element).
- Please see KB0401486
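The BuyerCookie match required of the supplier can be verified from captured POSR and POOM documents. The following Python check is an added example, not Ariba's code: the cXML samples are constructed and trimmed, the function names are hypothetical, and exact string equality is an assumption of this example.

```python
import hmac
import xml.etree.ElementTree as ET

# Constructed, trimmed cXML samples (no DOCTYPE, placeholder cookie value).
POSR = """<cXML payloadID="posr-1@buyer.example" timestamp="2024-01-01T10:00:00+00:00">
  <Request>
    <PunchOutSetupRequest operation="create">
      <BuyerCookie>c64af92dc27e68172df030d3dfd1bc944</BuyerCookie>
    </PunchOutSetupRequest>
  </Request>
</cXML>"""

POOM_TEMPLATE = """<cXML payloadID="poom-1@supplier.example" timestamp="2024-01-01T10:05:00+00:00">
  <Message>
    <PunchOutOrderMessage>
      <BuyerCookie>{cookie}</BuyerCookie>
    </PunchOutOrderMessage>
  </Message>
</cXML>"""


def buyer_cookie(cxml_text, parent_tag):
    """Return the BuyerCookie text under parent_tag, or None if absent or empty."""
    root = ET.fromstring(cxml_text)
    node = root.find(f".//{parent_tag}/BuyerCookie")
    if node is None or node.text is None or not node.text.strip():
        return None
    return node.text  # not stripped: assumed to be echoed back unchanged


def check_round_trip(posr_text, poom_text):
    """Classify how the POOM's BuyerCookie relates to the one sent in the POSR."""
    sent = buyer_cookie(posr_text, "PunchOutSetupRequest")
    returned = buyer_cookie(poom_text, "PunchOutOrderMessage")
    if sent is None:
        return "posr-missing-cookie"
    if returned is None:
        return "poom-missing-cookie"
    # The cookie binds the order to a session, so compare in constant time.
    if hmac.compare_digest(sent.encode(), returned.encode()):
        return "match"
    # Separate a supplier-side normalisation bug from a wrong cookie.
    if sent.strip().lower() == returned.strip().lower():
        return "mismatch-whitespace-or-case"
    return "mismatch"
```

A result of `mismatch-whitespace-or-case` points to the supplier's system altering the value in transit (trimming, padding or case folding) rather than losing the session.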