We have built the Shopify payments app and we have an issue that occurs whenever this one store admin clicks “Manage” button on the payment providers settings page. The issue we are seeing is that the Shopify triggers multiple requests to our app which triggers the onboarding flow (https://shopify.dev/apps/payments/onboarding-a-merchant-payments-apps), in which after OAuth we are exchanging the code for permanent access token as described in the docs (https://shopify.dev/apps/auth/oauth/getting-started#step-5-get-a-permanent-access-token)).
However the Shopify OAuth callbacks both have the same code so the second invocation of the "POST https://{shop}.myshopify.com/admin/oauth/access_token?client_id={API_KEY}&client_secret={API_SECRET_KEY}&code={authorization_code}" fails with status 400 and error Oauth error invalid_request: The authorization code was not found or was already used
Id of the first POST request that succeeded - ‘x-request-id’: [ ‘0c1c9a6c-5827-4c50-8609-b6704bf26e04’ ]
Id of the second POST request that failed because the code was already used by the first request - ‘x-request-id’: [ ‘70ff6376-e04b-4329-9a9d-22264da76d78’ ]
Note that this issue is happening in the live env for the real merchant so please look into this as soon as possible.