Azure ADB2C | PKCE Flow

Question

Abhay Chandramouli 1,056

Hi

I just wanted to know

I am working on a pkce flow of getting a token from adb2c custom policy user sign in flow

So i hit /authorize and get the auth code after login
use the auth code with code challenge to hit /token and get the access token

just wanted to know how many times can I hit the /token api with the same auth code ?
is there a limit ?
what is the limit ?

Accepted answer

0 additional answers

Answer 1

Shweta Mathur 30,301 Microsoft Employee Moderator

Thanks for reaching out.

Authorization code are very short lived. Typically, they expire after 10 minutes. You can use them to redeem the token from token endpoint only once.

Once you get the token, next time you will get the below error when trying to redeem the token from same authorization code:

"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token"

Hope this will help.

Thanks,
Shweta

------------------------------------

Please remember to "Accept Answer" if answer helped you.

Abhay Chandramouli 1,056 Reputation points

2022-12-15T10:49:53.97+00:00

Hi Shweta,
Thanks for the answer,

just a question to confirm, can we get token multiple times before expiry ?

Thanks,
Shweta Mathur 30,301 Reputation points Microsoft Employee Moderator

2022-12-15T18:01:28.337+00:00

From one authorization code, we can only redeem token once.