iOS AppAuth authorization code expires immediately

Question

I am using the iOS Swift AppAuth package to obtain an authorization code. However, it appears to expire immediately, rendering it unusable. The authorization code retrieved using the same AppAuth package on a SPA using React works fine. Both authorization codes look to be in the same format. The only difference between the two is that they have different redirect URIs configured in my registered app in the Azure portal. When I try to use the token coming from iOS, I get the following error:

Microsoft Entra ID error '(invalid_grant) AADSTS70000: The provided value for the 'code' parameter is not valid. The code has expired. Trace ID: d2XXXXXXXXXXXXXXXXX Correlation ID: 072c2XXXXXXXXXXXXXXXXXXXXX Timestamp: 2024-02-22 16:55:55Z'

Can anyone suggest what could be causing this issue?

Answer 1

The error message you received indicates that the authorization code has expired. The OAuth 2.0 specification requires that an authorization code can only be used once to redeem an access token. If you attempt to use the same authorization code multiple times, you will receive an error similar to the one you encountered. It's possible that the authorization code you received on the iOS app has already been used to redeem an access token, which is why it's no longer valid.

Additionally, the redirect URI configured in the iOS app may not match the one registered in the Azure portal, which could also cause the error. Make sure that the redirect URI configured in your iOS app matches the one registered in the Azure portal.

---

References:

• Authentication flow support in MSAL
• Error AADSTS50011 with OpenID authentication: The redirect URI specified in the request does not match