HuangChao-8862 asked Foxit-9185 answered

OAuth2 Authorization code was already redeemed

```
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Trace ID: 46d60227-a196-4a10-96b1-dff84a843400
Correlation ID: 8d6ce73f-e8b1-4630-a75f-61d8f30eeb93
Timestamp: 2021-03-12 08:28:33Z
```

My web app has been working fine for 2 years. It's not working now. This is my code:

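```python
import requests

# MYTID, CLIENT_ID, my_secrete, REDIRECT_URI and APPID_URI come from the app's configuration.
def get_token(token):  # wrapper name is illustrative; the post shows only the body
    url = "https://login.microsoftonline.com/{TID}/oauth2/token".format(TID=MYTID)
    # `token` is sent as the authorization code for the authorization_code grant
    data = requests.post(url, data={
        'client_id': CLIENT_ID,
        'client_secret': my_secrete,
        'code': token,
        'grant_type': 'authorization_code',
        'redirect_uri': REDIRECT_URI,
        'resource': APPID_URI,
    })
    return data.json()
```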

Does anyone have any idea about this?





azure-ad-authentication-protocols
sikumars answered HuangChao-8862 commented

Hello @HuangChao-8862,

This behavior is to be expected when your application reuses authorization codes to get tokens. I would recommend that you revisit your code and see if your application reuses the code.

If your app reuses authorization codes to get tokens for multiple resources, we recommend that you use the code to get a refresh token, and then use that refresh token to acquire additional tokens for other resources. Authorization codes can only be used once, but refresh tokens can be used multiple times across multiple resources. Any new app that attempts to reuse an authentication code during the OAuth code flow will get an invalid_grant error AADSTS54005: OAuth2 Authorization code was already redeemed.

For more information, read this [article](https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#authorization-codes-can-no-longer-be-reused).

Regards,
Siva Kumar Selvaraj


Thank you for answering. The root cause of my problem is that we're having problems accessing 'graph.microsoft.com' from AWS China, which causes reuse of the authorization code.

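The pattern recommended in the answer above, as an added example that is not part of the original thread: the authorization code is posted exactly once, and every later token request, including a retry after a failed call to another resource, uses `grant_type=refresh_token`. `FakeTokenEndpoint`, `TokenSession` and all sample values are constructed; the fake endpoint stands in for the `/oauth2/token` URL from the question so the block runs offline.

```python
AADSTS54005 = "AADSTS54005: OAuth2 Authorization code was already redeemed"

class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint: accepts any code, but only once."""
    def __init__(self):
        self.redeemed = set()

    def post(self, data):
        if data["grant_type"] == "authorization_code":
            if data["code"] in self.redeemed:
                return {"error": "invalid_grant", "error_description": AADSTS54005}
            self.redeemed.add(data["code"])
        elif data.get("refresh_token") != "rt-constructed":
            return {"error": "invalid_grant", "error_description": "bad refresh token"}
        return {"access_token": "at:" + data["resource"],
                "refresh_token": "rt-constructed"}

class TokenSession:
    """State for one sign-in: the code is posted once, then only the refresh token."""
    def __init__(self, post, client_id, client_secret, redirect_uri):
        self.post = post  # callable taking the form fields, returning the JSON reply
        self.base = {"client_id": client_id, "client_secret": client_secret}
        self.redirect_uri = redirect_uri
        self.refresh_token = None

    def token_for(self, resource, code=None):
        if self.refresh_token:  # code already redeemed: never send it again
            grant = {"grant_type": "refresh_token", "refresh_token": self.refresh_token}
        else:
            grant = {"grant_type": "authorization_code", "code": code,
                     "redirect_uri": self.redirect_uri}
        reply = self.post({**self.base, **grant, "resource": resource})
        if "error" in reply:
            raise RuntimeError(reply["error_description"])
        self.refresh_token = reply.get("refresh_token", self.refresh_token)
        return reply["access_token"]

def demo():
    graph = "https://graph.microsoft.com"
    body = {"grant_type": "authorization_code", "code": "code-constructed",
            "resource": "api://constructed-app"}
    naive = FakeTokenEndpoint()
    naive.post(body)                                  # first redemption succeeds
    replay = naive.post({**body, "resource": graph})  # a retry re-posts the same code
    idp = FakeTokenEndpoint()
    session = TokenSession(idp.post, "client-id", "client-secret", "https://app.example/cb")
    app_token = session.token_for("api://constructed-app", code="code-constructed")
    graph_token = session.token_for(graph, code="code-constructed")  # retry path
    return replay["error_description"], app_token, graph_token, len(idp.redeemed)
```

In a web app the refresh token has to be kept in server-side session storage for the signed-in user, so that a retried request finds it there instead of falling back to the code from the redirect.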
Foxit-9185 answered

The same error occurs in production, but localhost is OK. Why, and how to fix it?

NancyAdmin-0608 answered

Running into the same error - we are not reusing the code, but have started seeing this error today. This worked fine previously. Have also confirmed that our secret has not expired.

RahulMetangale-9479 answered HuangChao-8862 commented

Hi @HuangChao-8862

Since you mentioned that the app has been working for the last two years, one possible issue could be that the secret has expired. Please note down the client ID, then navigate to Azure AD - App registration - search for the application (you can enter the copied client ID). Once you find the application, select the application - select Certificates & secrets - under client secret, see if the secret has expired. If yes, then create a new secret and update your configuration.

I hope this helps.

Thanks,
Rahul


The secret is valid, I can confirm that. The root cause of my problem is that we're having problems accessing 'graph.microsoft.com' from AWS China.
