question

HuangChao-8862 asked ·

OAuth2 Authorization code was already redeemed

```
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Trace ID: 46d60227-a196-4a10-96b1-dff84a843400
Correlation ID: 8d6ce73f-e8b1-4630-a75f-61d8f30eeb93
Timestamp: 2021-03-12 08:28:33Z
```

My web app has been working fine for 2 years. It's not working now. This is my code:

```python
import requests

# The post shows only the function body; the wrapper name is assumed.
def get_token(token):
    # `token` holds the authorization code returned to the redirect URI.
    url = "https://login.microsoftonline.com/{TID}/oauth2/token".format(
        TID=MYTID,
    )
    data = requests.post(url, data={
        'client_id': CLIENT_ID,
        'client_secret': my_secrete,
        'code': token,
        'grant_type': 'authorization_code',
        "redirect_uri": REDIRECT_URI,
        'resource': APPID_URI,
    })
    return data.json()
```

Does anyone have any idea about this?





azure-ad-authentication-protocols

sikumars-msft answered ·

Hello @HuangChao-8862,

This behavior is to be expected when your application reuses authorization codes to get tokens. I would recommend you to revisit your code and see if your application reuses code.

If your app reuses authorization codes to get tokens for multiple resources, we recommend that you use the code to get a refresh token, and then use that refresh token to acquire additional tokens for other resources. Authorization codes can only be used once, but refresh tokens can be used multiple times across multiple resources. Any new app that attempts to reuse an authentication code during the OAuth code flow will get an invalid_grant error AADSTS54005: OAuth2 Authorization code was already redeemed.

For more information, read this [article](https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#authorization-codes-can-no-longer-be-reused).

Regards,
Siva Kumar Selvaraj


Thank you for answering. The root cause of my problem is that we're having problems accessing 'graph.microsoft.com' from AWS China, which causes reuse of the authorization code.

0 Votes 0 ·
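The pattern recommended in the answer above (redeem the code once, then use the refresh token for every further resource or retry), as an added example that is not part of the original thread and not Microsoft's code. `TokenClient`, `post_form`, `redeem_code` and `token_for` are hypothetical names, one instance per signed-in session is assumed, and the standard library is used in place of `requests` so the block has no dependencies. Refusing to resend a code after a failed request is this example's own choice.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tid}/oauth2/token"  # endpoint from the question

def post_form(url, form):
    """Default transport (stdlib): POST a form, return the decoded JSON body."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # error responses also carry a JSON body
        return json.load(err)

class TokenClient:
    """Hypothetical helper: redeem each code once, then rely on the refresh token."""

    def __init__(self, tid, client_id, client_secret, redirect_uri, post=post_form):
        self.url = TOKEN_URL.format(tid=tid)
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.redirect_uri = redirect_uri
        self.post = post          # injectable so the flow can be exercised offline
        self.spent = set()        # codes already sent to the token endpoint
        self.refresh_token = None

    def _request(self, form):
        body = self.post(self.url, {**self.creds, **form})
        if "error" in body:
            raise RuntimeError(body.get("error_description", body["error"]))
        # Keep the newest refresh token if the response carries one.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        return body

    def redeem_code(self, code, resource):
        if code in self.spent:
            raise ValueError("authorization code already sent; call token_for() instead")
        # Mark before sending: after a timeout it is unknown whether the server
        # consumed the code, so it is never resent.
        self.spent.add(code)
        return self._request({"grant_type": "authorization_code", "code": code,
                              "redirect_uri": self.redirect_uri, "resource": resource})

    def token_for(self, resource):
        if self.refresh_token is None:
            raise ValueError("no refresh token; send the user through sign-in again")
        return self._request({"grant_type": "refresh_token",
                              "refresh_token": self.refresh_token, "resource": resource})
```

If a later call to a downstream API fails, the retry path calls `token_for()` again; a new authorization code comes only from a new sign-in.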
RahulMetangale-9479 answered ·

Hi @HuangChao-8862

Since you mentioned that the app has been working for the last two years, one possible issue could be that the secret has expired. Please note down the client ID, then navigate to Azure AD - App registration - search for the application (you can enter the copied client ID). Once you find the application, select the application - select certificate & Secret - under client secret, see if the secret has expired. If yes, then create a new secret and update your configuration.

I hope this helps.

Thanks,
Rahul


The secret is valid, I can confirm that. The root cause of my problem is that we're having problems accessing 'graph.microsoft.com' from AWS China.

0 Votes 0 ·