davidjrh/dnn.azureadprovider

AADSTS54005: OAuth2 Authorization code was already redeemed

Closed this issue · 11 comments

Any news on this?

Can you share more details on the issue? I'm not able to reproduce it.

  • Are you using the latest version of the provider?
  • Which version of DNN are you using?
  • Did you follow the latest setup instructions for the Azure AD provider? (only using one App Registration on Azure)
  • Does the issue happen just after login, or after browsing the site for around 1 hour?

Can you check on the DNN Eventlogs for an error like this one?

Message:There was an error processing the credentials. Contact your system administrator.

StackTrace:

InnerMessage:There was an error processing the credentials. Contact your system administrator.

InnerStackTrace:

    at DotNetNuke.Authentication.Azure.Components.AzureClient.GetToken(String responseText)
    at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.ExchangeCodeForToken()
    at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.AuthorizeV2()
    at DotNetNuke.Services.Authentication.OAuth.OAuthLoginBase.OnLoad(EventArgs e)
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Weird issue. I have a customer with a symptom similar to the one you mention, but I can't verify whether it is the same issue. I'm going to download the DNN code base for the particular version the customer has, because the OAuth request is done in the DNN code and the response arrives empty at the Azure provider.

Another interesting issue is that this happens with some users, but not with others. I will keep investigating, but any info you can share like the one above will help.

 2018-11-19 12:52:50.432-05:00 [CCGWEB1][D:2][T:59][ERROR] DotNetNuke.Services.Authentication.OAuth.OAuthClientBase - WebResponse exception: {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.\r\nTrace ID: 9df0210d-bf9f-45d9-b19b-b326453e6400\r\nCorrelation ID: 48ac1682-e414-42c2-9eac-f1d6114e8648\r\nTimestamp: 2018-11-19 17:52:50Z","error_codes":[70002,54005],"timestamp":"2018-11-19 17:52:50Z","trace_id":"9df0210d-bf9f-45d9-b19b-b326453e6400","correlation_id":"48ac1682-e414-42c2-9eac-f1d6114e8648"}
 2018-11-19 12:52:50.718-05:00 [CCGWEB1][D:2][T:59][FATAL] DotNetNuke.Framework.PageBase - An error has occurred while loading page.
    System.Exception: There was an error processing the credentials. Contact your system administrator.
    at DotNetNuke.Authentication.Azure.Components.AzureClient.GetToken(String responseText)
    at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.ExchangeCodeForToken()
    at DotNetNuke.Services.Authentication.OAuth.OAuthClientBase.AuthorizeV2()
    at DotNetNuke.Services.Authentication.OAuth.OAuthLoginBase.OnLoad(EventArgs e)
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Control.LoadRecursive()
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

OK, I was able to reproduce the issue with one of the Azure AD users (interestingly, it doesn't happen with other users):

  1. For some reason, I see two web requests on DNN on the ExchangeCodeForToken call. The first one works; the second fails with the error.
  2. This happens on certain users

Finally found the issue: the web request that lands on the DNN website after the Azure login redirection causes two "ExchangeCodeForToken" requests (the first one is accepted, but the second is invalid because the code was already processed, as per the October 10th update). I'm creating an updated release package to avoid the second call, which has been there since the beginning of time.

I have packaged a new Release v3.0.1. Can you please double check? I have already installed it on my customer's website and it is now working properly.

https://github.com/davidjrh/dnn.azureadprovider/releases/tag/v3.0.1

I have verified that this is now working on several sites. Going to close the issue, but if you find something else, let me know.

Hi David, out of curiosity, what did you do to fix the issue "Finally found the issue: the web request that lands on the DNN website after the Azure login redirection causes two "ExchangeCodeForToken" requests"?
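
An added illustration, not part of the thread and not the provider's v3.0.1 change: a toy authorization server that treats codes as single-use, a callback handler that reaches the exchange twice (the behaviour described above), and one that redeems each code only once. All class and function names are hypothetical, the double call is modelled as two calls in one handler, and the error body is trimmed to the fields seen in the log.

```python
import secrets
import threading

class AuthServer:
    """Toy authorization server; a replayed code gets the logged error's fields."""
    def __init__(self):
        self._pending = {}      # code -> user, until first redemption
        self._redeemed = set()  # codes that were already exchanged

    def issue_code(self, user):
        code = secrets.token_urlsafe(16)
        self._pending[code] = user
        return code

    def redeem(self, code):
        if code in self._redeemed:
            return {"error": "invalid_grant", "error_codes": [70002, 54005]}
        user = self._pending.pop(code, None)
        if user is None:
            return {"error": "invalid_grant"}
        self._redeemed.add(code)
        return {"access_token": secrets.token_urlsafe(24), "user": user}

def naive_callback(server, code):
    """Hypothetical handler whose load path reaches the exchange twice."""
    result = server.redeem(code)
    result = server.redeem(code)  # duplicate call: the code is already spent
    return result

class GuardedCallback:
    """Hypothetical handler that redeems each code at most once per session."""
    def __init__(self, server):
        self._server = server
        self._results = {}            # code -> token response (session state)
        self._lock = threading.Lock()

    def handle(self, code):
        with self._lock:              # concurrent loads share one redemption
            if code not in self._results:
                self._results[code] = self._server.redeem(code)
            return self._results[code]

def demo():
    server = AuthServer()
    naive = naive_callback(server, server.issue_code("alice"))
    guarded = GuardedCallback(server)
    code = server.issue_code("bob")
    first, second = guarded.handle(code), guarded.handle(code)
    return naive, first, second
```

RFC 6749 section 4.1.2 requires the authorization server to deny a code that is used more than once, so a duplicate exchange from the client side is rejected even though the user authenticated correctly.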