Azure ADB2C | PKCE Flow

Abhay Chandramouli 1,056 Reputation points
2022-12-13T18:24:47.77+00:00

Hi

I just wanted to know

I am working on a PKCE flow of getting a token from an ADB2C custom policy user sign-in flow.

So I hit /authorize and get the auth code after login,
then use the auth code with code challenge to hit /token and get the access token.

Just wanted to know how many times I can hit the /token API with the same auth code?
Is there a limit?
What is the limit?


Accepted answer
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2022-12-15T10:43:07.6+00:00

    Hi @Abhay Chandramouli ,

    Thanks for reaching out.

    Authorization codes are very short-lived. Typically, they expire after 10 minutes. You can use them to redeem the token from the token endpoint only once.

    Once you get the token, next time you will get the below error when trying to redeem the token from the same authorization code:

    "AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token"

    Hope this will help.

    Thanks,
    Shweta

    ------------------------------------

    Please remember to "Accept Answer" if answer helped you.
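
The single-use rule described in the answer, seen from the client side, as an added example that is not part of the original thread or of any Microsoft library: it builds the PKCE S256 challenge per RFC 7636, sends each authorization code to /token at most once, and recognises the AADSTS54005 error quoted above. The `post` transport, the returned action strings, and the error body shape (OAuth 2.0 JSON with `error` and `error_description`) are assumptions.

```python
import base64
import hashlib
import json
import re
import secrets

ALREADY_REDEEMED = "AADSTS54005"  # error code quoted in the answer above

def s256_challenge(verifier):
    """code_challenge for the S256 method of RFC 7636."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """Fresh (code_verifier, code_challenge); the verifier is 86 characters."""
    verifier = secrets.token_urlsafe(64)
    return verifier, s256_challenge(verifier)

def next_step(status, body):
    """Decide what the client does with a /token response."""
    if status == 200:
        return "store_tokens"
    try:
        err = json.loads(body)
    except ValueError:
        return "fail"
    if not isinstance(err, dict):
        return "fail"
    # Assumed body shape: OAuth 2.0 error JSON with error / error_description.
    found = re.match(r"AADSTS\d+", err.get("error_description", ""))
    if found and found.group(0) == ALREADY_REDEEMED:
        return "use_refresh_token_or_restart"  # code is spent; resending cannot succeed
    if err.get("error") == "invalid_grant":
        return "restart_authorize"  # e.g. the code expired before redemption
    return "fail"

class OneShotRedeemer:
    """Sends each authorization code to /token at most once."""
    def __init__(self, post):
        self.post = post    # hypothetical transport: post(form) -> (status, body)
        self.spent = set()  # SHA-256 of codes already sent, not the codes themselves

    def redeem(self, code, verifier):
        tag = hashlib.sha256(code.encode()).hexdigest()
        if tag in self.spent:
            return "use_refresh_token_or_restart"  # do not hit /token again
        self.spent.add(tag)
        # The transport is expected to add client_id and redirect_uri.
        form = {"grant_type": "authorization_code", "code": code, "code_verifier": verifier}
        return next_step(*self.post(form))
```

A page reload or a retry wrapper that replays the same code is the usual way a client ends up seeing AADSTS54005; the guard keeps that second request from leaving the client at all.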

