-
Notifications
You must be signed in to change notification settings - Fork 992
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth2 Authorization code was already redeemed please retry with a new valid code or use an existing refresh token #664
Comments
More information, the issue happnes after 23 hours in prduction. Recycling the IIS pool does not resolve the issue. However, if I do a full depoyment resloves the issue. Futhermore, it affects all users at the same time that are using the orgnastaions AD authicatiuion for the app. |
@kastroph : I think this might be due to this issue: See AzureAD/microsoft-identity-web#1995 (comment) and the following conversations, for the description of the problem and the workaround, until .NET 7 releases a patch. |
@jmprieur Thank you for your reply. I was actually following AzureAD/microsoft-identity-web#1995 (comment). I tried the workaround but it has no effect on the issue, this is why I have raised a new issue as it might be something different and we are getting close to the next patch release date. This has been driving me nuts for the last two weeks trying to force Web Identity to work in production or fail in development so I can inspect the mode of failure |
You mentioned that this is with .NET 7.1. Where did you get it? I'm only aware of .NET 7.0.2. Also which version of Microsoft.Identity.Web are you using? |
Sorry @jmprieur I meant 7.0.2 (typo) |
@kastroph: Do you mind trying with 2.0.8-preview? We've changed the way we were handling options. This might work better? |
@jmprieur Not at all, I have tested in devlopment and pushed it to production. I will moniter metrics for the next 72 hours and see if this resoves the issue. |
Thanks @kastroph |
@jmprieur After, about 36 hours in production. I'm starting to see OAuth2 Authorization code+ was+ already redeemed The push to production for 2.0.8-preview happened on 01/18/2023, 00:24 I found this in our logs 01/19/2023 12:29:44 False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 6.3.9600 [2023-01-19 12:29:44Z - 540e8137-dc80-4067-acb6-89ae48515e7b] Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization 01/19/2023 12:29:44 False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.0 Microsoft Windows 6.3.9600 [2023-01-19 12:29:44Z - 540e8137-dc80-4067-acb6-89ae48515e7b] Exception type: Microsoft.Identity.Client.MsalUiRequiredException at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext) |
@kastroph |
@jmprieur, Just wanted to check is there fix available in .NET 6.0 SDK? as still .NET 6.0 is LTS until application gets migrated to .NET 7.0 OR direct .NET 8.0... |
This issue is for a: (mark with an
x
)The issue was found for the following scenario:
Please add an 'x' for the scenario(s) where you found an issue
Repro-ing the issue
Repro steps
This only happens in production
Expected behavior
Provide a valid authentication response
Actual behavior
Microsoft retunes Since updating to dot net 7 we keep seeing this error in production. This was working fine in dot net 6.
"OAuth2 Authorization code was already redeemed please retry with a new valid code or use an existing refresh token"
Possible Solution
Additional context/ Error codes / Screenshots
Any log messages given by the failure
Add any other context about the problem here, such as logs.
OS and Version?
Versions
Attempting to troubleshooting yourself:
Mention any other details that might be useful
The text was updated successfully, but these errors were encountered: