AngellusMortis / django_microsoft_auth

Simple app to enable Microsoft Account, Office 365 and Xbox Live authentcation as a Django authentcation backend.
MIT License
137 stars 84 forks source link

AADSTS54005: OAuth2 Authorization code was already redeemed #511

Open soasuk opened 9 months ago

soasuk commented 9 months ago

OS: Ubuntu 18.04.4 django_microsoft_auth 3.0.1 Django 3.2.12 Python 3.8.16 MICROSOFT_AUTH_LOGIN_TYPE = 'ma'

Some users are unable to login and the following error is given:

Exception Type: InvalidGrantError at /microsoft/from-auth-redirect/ Exception Value: (invalid_grant) AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.

This is on a production environment, running on Apache, behind Haproxy locally and F5 appliance SSL termination with load balancing between 2 webservers. The auth backend is subclassed to force HTTPS and do custom name and group handling.

Most users are able to repeatedly login fine, however the affected ones can not login at all. They are able to login to other o365 secured resources. The users have tried use Edge & Chrome to login and tried incognito mode to ensure a new code.

Any ideas?