I'm testing a custom app.
I have noticed that during installation of the app and generally during the oauth flow, the oauth callback url is called twice, with same code, but different timestamp.
There are a few seconds between the calls,
In the first call, I can use the code to get an access token, but during the second call I get the error that the code has been used before or is empty.
I think it has to do with the app loading inside the iframe, since it does not happen if I redirect at the top level, out of the iframe.
Any clues are much appreciated !