Oauth error invalid_request: The authorization code was not found or was already used

strike_eng · ‎09-13-2022

We have built the Shopify payments app and we have an issue that occurs whenever this one store admin clicks "Manage" button on the payment providers settings page. The issue we are seeing is that the Shopify triggers multiple requests to our app which triggers the onboarding flow (https://shopify.dev/apps/payments/onboarding-a-merchant-payments-apps), in which after OAuth we are exchanging the code for permanent access token as described in the docs (https://shopify.dev/apps/auth/oauth/getting-started#step-5-get-a-permanent-access-token).

However the Shopify OAuth callbacks both have the same code so the second invocation of the "POST https://{shop}.myshopify.com/admin/oauth/access_token?client_id={API_KEY}&client_secret={API_SECRET_... fails with status 400 and error `Oauth error invalid_request: The authorization code was not found or was already used`

Id of the first POST request that succeeded - 'x-request-id': [ '0c1c9a6c-5827-4c50-8609-b6704bf26e04' ]

Id of the second POST request that failed because the code was already used by the first request - 'x-request-id': [ '70ff6376-e04b-4329-9a9d-22264da76d78' ]

Note that this issue is happening in the live env for the real merchant so please look into this as soon as possible.

jborden13 · ‎10-14-2022

Did you ever get a solution to this? I'm immediately trying to exchange an access code for an authorization token, but it fails. And there's no clear reason why. Are permanent access tokens no longer working or is the documentation incorrect?

Oauth error invalid_request: The authorization code was not found or was already used

Oauth error invalid_request: The authorization code was not found or was already used

Community Blog Articles