How to fix invalid_grant (AADSTS54005) error with next-auth?

김보람 0 Reputation points
2024-07-29T06:25:32.1666667+00:00

I am experiencing an issue with Azure AD login in my Next.js 14 application using next-auth.
The error message I receive is:

0  | [next-auth][error][OAUTH_CALLBACK_ERROR]
0  | https://next-auth.js.org/errors#oauth_callback_error invalid_grant (AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: 436a2a67-5721-45ab-b57f-96cd6f700e00 Correlation ID: bdd8a262-3185-4836-afb1-613da56f8f36 Timestamp: 2024-07-29 02:15:08Z) {
0  |   error: i: invalid_grant (AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: 436a2a67-5721-45ab-b57f-96cd6f700e00 Correlation ID: bdd8a262-3185-4836-afb1-613da56f8f36 Timestamp: 2024-07-29 02:15:08Z)
0  |       at e.exports (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:52:35672)
0  |       at Y.grant (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:52:15036)
0  |       at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
0  |       at async Y.callback (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:52:2813)
0  |       at async l (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:19:145828)
0  |       at async Object.c (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:43:780)
0  |       at async _ (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:19:128167)
0  |       at async a (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:43:19595)
0  |       at async e.length.t (/home/ubuntu/projects/myProjectName/.next/server/app/api/auth/[...nextauth]/route.js:43:21005)
0  |       at async /home/ubuntu/projects/myProjectName/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:6:42484 {
0  |     name: 'OAuthCallbackError',
0  |     code: undefined
0  |   },
0  |   providerId: 'azure-ad',
0  |   message: 'invalid_grant (AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: 436a2a67-5721-45ab-b57f-96cd6f700e00 Correlation ID: bdd8a262-3185-4836-afb1-613da56f8f36 Timestamp: 2024-07-29 02:15:08Z)'
0  | }


This issue only occurs for specific users on the deployed page, while the login process works correctly in the local development environment.

I suspect the problem may be related to the ms authorization code process. Could you help me understand why this error occurs only on the deployed page and for specific users? Any guidance on resolving this issue would be greatly appreciated.

Thank you!

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Raja Pothuraju 7,990 Reputation points Microsoft Vendor
    2024-07-29T19:31:34.0266667+00:00

    Hello @김보람,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, it seems you are encountering the error message "AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token" when trying to access the application. This error indicates that the application is attempting to redeem the same authorization code more than once. Authorization codes are meant to be used only once; trying to reuse them will result in this error. Please initiate a new request to the /authorize endpoint to obtain a fresh authorization code.

    If your app reuses authorization codes to get tokens for multiple resources, we recommend that you use the code to get a refresh token, and then use that refresh token to acquire additional tokens for other resources. Authorization codes can only be used once but refresh tokens can be used multiple times across multiple resources. Any new app that attempts to reuse an authentication code during the OAuth code flow will get an invalid_grant error.

    For more information about refresh tokens, see Refreshing the access tokens.

    You can capture the browser trace while accessing the application and compare the traces from both the working and non-working sessions to observe the behavior.

    Capture a browser trace for troubleshooting

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Thanks,
    Raja Pothuraju.

    1 person found this answer helpful.
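The trace comparison suggested in the answer can be complemented on the server side. The following is an added example, not part of the original question or answer: it scans reverse-proxy access-log lines for the next-auth callback route and reports any authorization code that reached the callback more than once. The log format, the sample lines, and the names `findRepeatedCodes` and `maskCode` are assumptions made for illustration; the callback path assumes next-auth's default `/api/auth` base path with the `azure-ad` provider id shown in the error.

```javascript
// Constructed sample lines in combined log format; not taken from the original post.
const SAMPLE_LOG = [
  '203.0.113.10 - - [29/Jul/2024:02:15:07 +0000] "GET /api/auth/callback/azure-ad?code=0.AXAAcode-one&state=s1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
  '192.0.2.44 - - [29/Jul/2024:02:15:08 +0000] "GET /api/auth/callback/azure-ad?code=0.AXAAcode-one&state=s1 HTTP/1.1" 302 0 "-" "ExampleClient/1.0"',
  '198.51.100.7 - - [29/Jul/2024:02:16:40 +0000] "GET /api/auth/callback/azure-ad?code=0.AXAAcode-two&state=s2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [29/Jul/2024:02:16:41 +0000] "GET /dashboard HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
];

// Assumed default next-auth callback route for providerId 'azure-ad'.
const CALLBACK_PATH = '/api/auth/callback/azure-ad';
// ip, [time], "METHOD target PROTO", status, bytes, "referer", "user agent"
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;

// Authorization codes are credentials: report only a short prefix and the length.
function maskCode(code) {
  return `${code.slice(0, 6)}...(${code.length} chars)`;
}

// Group callback hits by authorization code and keep codes seen more than once.
function findRepeatedCodes(lines) {
  const byCode = new Map();
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that do not match the assumed format
    const [, ip, time, method, target, status, userAgent] = m;
    const url = new URL(target, 'http://placeholder.invalid');
    if (url.pathname !== CALLBACK_PATH) continue;
    const code = url.searchParams.get('code');
    if (!code) continue; // error callbacks carry no code
    if (!byCode.has(code)) byCode.set(code, []);
    byCode.get(code).push({ ip, time, method, status: Number(status), userAgent });
  }
  return [...byCode.entries()]
    .filter(([, hits]) => hits.length > 1)
    .map(([code, hits]) => ({ code: maskCode(code), hits }));
}

for (const { code, hits } of findRepeatedCodes(SAMPLE_LOG)) {
  console.log(`code ${code} reached the callback ${hits.length} times:`);
  for (const h of hits) console.log(`  ${h.time} ${h.ip} ${h.status} "${h.userAgent}"`);
}
```

Each reported code identifies a sign-in whose callback request arrived more than once; the timestamps, source addresses and user agents of those hits are the details to line up against the browser traces from working and failing sessions.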
