.png?width=210&height=60&name=zitadel-logo_text-dark%20(1).png){kind=logo}
SSO Login Error with Entra ID: “Authorization Code Already Redeemed”
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Issue Summary:
While configuring SSO login using Microsoft Entra ID with ZITADEL, after registering a new application in Entra ID and attempting the OAuth2 login flow, the following error was returned:
OAuth2 Authorization Code was already redeemed
Root Cause:
This error typically indicates a misconfiguration in how claims are handled by Entra ID during the authorization process. In this case, the new App Registration did not have the acceptMappedClaims flag enabled in its manifest.
Solution:
Update the Entra ID App Registration manifest to include the following setting:
"acceptMappedClaims": true