
bug: AADSTS54005: OAuth2 Authorization code was already redeemed with Azure SSO #18232

Open
@Conor-Behard333


Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I have configured Coder with an Azure app to use Azure for SSO to Coder. When I log in via Azure, I get the following error:

{"message":"Failed exchanging Oauth code.","detail":"oauth2: \"invalid_grant\" \"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Timestamp: 2025-06-04 14:29:08Z\""}

I have tried clearing cache and cookies in my browser to ensure that no old token was kept. This did not change anything.

Relevant Log Output

{"message":"Failed exchanging Oauth code.","detail":"oauth2: \"invalid_grant\" \"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: bff8387f-b14b-4b87-896a-91c417d10f01 Correlation ID: ddc1136b-5bb6-45ae-b231-ea3f8ba19998 Timestamp: 2025-06-04 14:29:08Z\""}

Expected Behavior

I would expect to be able to log in successfully to Coder via Azure SSO.

Steps to Reproduce

  • create an enterprise app in Azure
  • enable "assignment required"
  • create an Azure group for Coder users
  • assign the Azure group to the enterprise app
  • set the callback URL to https://<fqdn>/api/v2/users/oidc/callback
  • generate a secret for the env var "CODER_OIDC_CLIENT_SECRET"
  • set CODER_OIDC_CLIENT_ID to the Azure application ID
  • set CODER_OIDC_ISSUER_URL to https://sts.windows.net/<tenant-id>/
  • set CODER_OIDC_SCOPES to openid,profile,email,offline_access
  • log in to Coder via Azure SSO

Environment

  • Host OS: Kubernetes (ubuntu)
  • Coder version: v2.21.3

Additional Context

No response
