@Hernán Castellani, thanks for providing further details.
I had configured "API Management service" in my subscription and enabled OAuth2 service support as detailed here, so I was able to reproduce the same behavior when I tried to request "authorization_code" with my "API Management service Redirect URI", like https://testsiv****.developer.azure-api.net/signin-oauth/code/callback/oauthserver, as shown below:
Further investigation found that when we send the authorization_code to an API Management service endpoint like /signin-oauth/code/callback/, it basically uses that code to get an accessToken by default using JavaScript. You can verify this by going to "View page source" in the browser, as shown below. This would explain why we get the error: invalid_grant AADSTS54005 OAuth2 Authorization code was already redeemed.
So, if you want to obtain an authorization token to consume a published API in Azure API Management, try using a different Redirect URI where your app would consume the code (for example, http://localhost for testing purposes) while requesting the code; the same URL needs to be added in the Azure AD app registration as well. To learn more about Redirect URI (reply URL) restrictions and limitations.
Hope this helps.
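The approach in the answer above, as an added example that is not part of the original answer: the authorization request and the token request both use the http://localhost redirect URI, so the code is delivered to the app rather than to the API Management callback page, and the app builds a token request for each code only once. The Azure AD v2.0 endpoint paths, the tenant and client IDs passed in, and the names build_authorize_url and CodeRedeemer are assumptions for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions (not from the answer): Azure AD v2.0 endpoints, placeholder ids.
AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"
REDIRECT_URI = "http://localhost"  # must also be registered on the Azure AD app


def build_authorize_url(tenant, client_id, scope, state):
    """URL the browser is sent to; the code is returned to REDIRECT_URI."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return AUTHORITY.format(tenant=tenant) + "/authorize?" + query


class CodeRedeemer:
    """Builds the token request for each code at most once."""

    def __init__(self, tenant, client_id, expected_state, client_secret=None):
        self.token_url = AUTHORITY.format(tenant=tenant) + "/token"
        self.client_id = client_id
        self.expected_state = expected_state
        self.client_secret = client_secret  # confidential clients only
        self._redeemed = set()

    def token_request(self, callback_url):
        params = parse_qs(urlparse(callback_url).query)
        if "error" in params:
            raise ValueError("authorization failed: " + params["error"][0])
        if params.get("state", [""])[0] != self.expected_state:
            raise ValueError("state mismatch, callback ignored")
        code = params.get("code", [""])[0]
        if not code:
            raise ValueError("callback carries no authorization code")
        if code in self._redeemed:
            raise ValueError("code already redeemed by this client")
        self._redeemed.add(code)
        body = {
            "grant_type": "authorization_code",
            "client_id": self.client_id,
            "code": code,
            "redirect_uri": REDIRECT_URI,  # must equal the authorize request's
        }
        if self.client_secret:
            body["client_secret"] = self.client_secret
        return self.token_url, body
```

The returned URL and body are what the app would POST as form data to the token endpoint; the block itself makes no network calls.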