What causes AADSTS54005?

Client code retries the /token endpoint with the same authorization code after a timeout or transient error. Browser refresh, back-button, or duplicate redirect causes the OAuth callback to fire twice. Load balancer, proxy, or middleware re-sends the callback request to multiple backend instances. Application logic redeems the code, then re-runs the same exchange on a subsequent request instead of caching the resulting tokens. Race condition between concurrent workers/tabs handling the same /callback URL

How do I fix AADSTS54005?

Stop replaying the authorization code — once redeemed, request a fresh token via the stored refresh token against /oauth2/v2.0/token with grant_type=refresh_token. Add idempotency at the OAuth callback: track the 'code' parameter (e.g. in cache/session) and short-circuit if it has already been processed. Inspect logs/network trace for duplicate POSTs to the /token endpoint — fix the retry loop, double-submit, or proxy that re-fires the request. For Power BI / Fabric / ADF service principal scenarios, switch from interactive auth to client_credentials or use MSAL's token cache so codes aren't re-redeemed across runs. If the refresh token is missing or expired, restart the auth flow from /authorize to obtain a brand-new code, then redeem it exactly once

Low severityauthentication

Power BI Error:
AADSTS54005

What does this error mean?

The OAuth2 authorization code was already exchanged for a token; codes are single-use and cannot be redeemed twice.

Common causes

1Client code retries the /token endpoint with the same authorization code after a timeout or transient error
2Browser refresh, back-button, or duplicate redirect causes the OAuth callback to fire twice
3Load balancer, proxy, or middleware re-sends the callback request to multiple backend instances
4Application logic redeems the code, then re-runs the same exchange on a subsequent request instead of caching the resulting tokens
5Race condition between concurrent workers/tabs handling the same /callback URL

How to fix it

1Stop replaying the authorization code — once redeemed, request a fresh token via the stored refresh token against /oauth2/v2.0/token with grant_type=refresh_token
2Add idempotency at the OAuth callback: track the 'code' parameter (e.g. in cache/session) and short-circuit if it has already been processed
3Inspect logs/network trace for duplicate POSTs to the /token endpoint — fix the retry loop, double-submit, or proxy that re-fires the request
4For Power BI / Fabric / ADF service principal scenarios, switch from interactive auth to client_credentials or use MSAL's token cache so codes aren't re-redeemed across runs
5If the refresh token is missing or expired, restart the auth flow from /authorize to obtain a brand-new code, then redeem it exactly once

Frequently asked questions

What does AADSTS54005 mean?

OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes