AADSTS54005: OAuth2 Authorization code was already redeemed #17
Comments
Any news on this?
I placed a ticket with DNN Support (I believe the OAuth flow is their code)
Here is the response:
Thank you for your patience while we were investigating this issue. Whereas we are committed to assisting you with this issue, we have found out that the referenced link (https://github.com/davidjrh/dnn.azureadprovider) is by a third party and the source code has not been updated for a long while. The source code is also open-source. We will not be able to offer a guaranteed immediate solution to the issue now that the solution is not part of DNN.
We at DNN do not have such a solution currently and you may have to involve the source-code owner for customization.
…________________________________
From: Joep Killaars <notifications@github.com>
Sent: Wednesday, November 21, 2018 8:29:16 AM
To: davidjrh/dnn.azureadprovider
Cc: Shane Walker; Author
Subject: Re: [davidjrh/dnn.azureadprovider] AADSTS54005: OAuth2 Authorization code was already redeemed (#17)
Any news on this ?
Can you share more details on the issue? I'm not able to reproduce it.
Can you check on the DNN Eventlogs for an error like this one?
David,
It’s a complicated issue because Microsoft has directly told me that sites with > 10 Logins per month are granted an exception.
We experienced this issue in Oct., but the day after experiencing it, the exception kicked in because I tried to log in to the website like 30 times.
Same thing just happened again this Nov.
The issue occurs when any sign in from Azure is attempted. It fails after the redirect back to the site from Microsoft.
I am using DNN 9.2.
Thanks,
Shane Walker
…________________________________
From: David Rodríguez <notifications@github.com>
Sent: Monday, November 26, 2018 4:48 PM
To: davidjrh/dnn.azureadprovider
Cc: Shane Walker; Author
Subject: Re: [davidjrh/dnn.azureadprovider] AADSTS54005: OAuth2 Authorization code was already redeemed (#17)
Can you share more details on the issue? I'm not able to reproduce it.
* Are you using the latest version of the provider?
* Which version of DNN are you using?
* Did you follow the latest setup instructions for the Azure AD provider? (only using one App Registration on Azure)
* The issue happens just after login, or after browsing the site for around 1 hour?
Weird issue. I have a customer with a symptom similar to the one you mention, but I can't verify whether it is the same issue. I'm going to download the DNN code base for the particular version the customer has, because the OAuth request is done in the DNN code and the response arrives empty at the Azure provider. Another interesting point is that this happens with some users, but not with others. I will keep investigating, but any info you can share like the one above will help.
OK, I was able to reproduce the issue with one of the Azure AD users (interesting that with other users it doesn't happen):
Finally found the issue: the web request that lands on the DNN website after the Azure login redirection causes two "ExchangeCodeForToken" requests (the first one is accepted, but the second is invalid because the code was already processed, as per the October 10th update). I'm creating an updated release package to avoid the second call, which has been there since the beginning of time.
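Added example, not part of the thread and not the provider's or DNN's code: a Python simulation of the failure described in the comment above, where one callback request sends the same authorization code to the token endpoint twice, next to a handler that reuses the first response. `ToyAuthServer`, `CallbackHandler` and the two-step `handle` flow are hypothetical names constructed for illustration.

```python
import secrets

class CodeAlreadyRedeemed(Exception):
    """Raised by the toy server; carries the AADSTS54005 message from this issue."""

class ToyAuthServer:
    """Minimal stand-in for an authorization server with single-use codes."""
    def __init__(self):
        self._codes = {}          # code -> user, removed on first redemption
        self._redeemed = set()    # codes that have already been exchanged

    def issue_code(self, user):
        code = secrets.token_urlsafe(16)
        self._codes[code] = user
        return code

    def redeem(self, code):
        if code in self._redeemed:
            raise CodeAlreadyRedeemed(
                "AADSTS54005: OAuth2 Authorization code was already redeemed")
        user = self._codes.pop(code)   # KeyError for codes never issued
        self._redeemed.add(code)
        return {"access_token": secrets.token_urlsafe(16), "user": user}

class CallbackHandler:
    """Relying-party side: handles the redirect that carries ?code=..."""
    def __init__(self, server, exchange_once):
        self.server = server
        self.exchange_once = exchange_once
        self._token = None        # result of the single exchange for this request
        self.exchange_calls = 0   # how many times the code was sent to the server

    def exchange_code_for_token(self, code):
        if self.exchange_once and self._token is not None:
            return self._token    # reuse the first response, do not resend the code
        self.exchange_calls += 1
        self._token = self.server.redeem(code)
        return self._token

    def handle(self, code):
        # Constructed scenario: two steps of one request both ask for the token.
        self.exchange_code_for_token(code)          # step 1: authorization check
        return self.exchange_code_for_token(code)   # step 2: load the user profile

def run(exchange_once):
    server = ToyAuthServer()
    handler = CallbackHandler(server, exchange_once)
    try:
        return "ok", handler.handle(server.issue_code("alice")), handler.exchange_calls
    except CodeAlreadyRedeemed as err:
        return "error", str(err), handler.exchange_calls
```

`run(False)` reproduces the double redemption and the error; `run(True)` completes the same flow with a single call to the token endpoint.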
I have packaged a new Release v3.0.1. Can you please double check? I have already installed it on my customer's website and it is now working properly. https://github.com/davidjrh/dnn.azureadprovider/releases/tag/v3.0.1
I have verified that this is now working on several sites. Going to close the issue, but if you find something else, let me know.
Hi David, Out of curiosity what did you do to fix the issue "Finally found the issue: the webrequest that lands on the DNN website after the Azure login redirection, causes two "ExchangeCodeForToken" requests"?
After logging in with Azure AD I am experiencing the same issue described here: https://social.msdn.microsoft.com/Forums/azure/en-US/4192e141-309a-4dd6-a5c9-f1a8ce32f4ca/aadsts54005-oauth2-authorization-code-was-already-redeemed?forum=WindowsAzureAD