Hello @Huang Chao ,
This behavior is to be expected when your application reuses authorization codes to get tokens. I would recommend you to revisit your code and see if your application reuses code.
If your app reuses authorization codes to get tokens for multiple resources, we recommend that you use the code to get a refresh token, and then use that refresh token to acquire additional tokens for other resources. Authorization codes can only be used once, but refresh tokens can be used multiple times across multiple resources. Any new app that attempts to reuse an authentication code during the OAuth code flow will get an invalid_grant error AADSTS54005: OAuth2 Authorization code was already redeemed
.
For more information, read this (article](https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#authorization-codes-can-no-longer-be-reused)
Regards,
Siva Kumar Selvaraj