(RESOLVED) Technical issue Workspace 365
We unfortunately experienced some sign in issues with oAuth2(Azure AD), due to changes made by Microsoft on Azure side the authentication flow was disrupted. Therefor it is not possible to sign in to Workspace 365 in some cases. All platforms could be affected by this.
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS*****: Error validating credentials. AADSTS*****: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Our technical team is investigating this issue and we will inform you as soon as possible.
As mentioned before, Microsoft has made changes to the oAuth2 authentication flow starting today. This is a breaking change, but was not announced that way. Due these changes, our implementation of the authentication flow was disrupted. Therefore it was not possible for some users to sign-in to Workspace365. If the users still had valid tokens or had more than 10 sign-ins a day, they weren't affected by this.
This is the regular oAuth2 flow. In our implementation we requested a token twice(red marked area) with the same authorization code. Starting today, Microsoft introduced a change to the behavior of the oAuth2 API which broke the implementation we have been using for over 2 years. In our new implementation we only use the authorization code once.
Everything should be back to normal again. We apologise for any inconvenience this may have caused.
Production is updated. The package for hosters can be downloaded here
Currently updating our production. You could experience some downtime during the update.
We've tested the hotfix and the issue should be fixed. Now building the latest package for updating en distribution.
A hotfix is being prepared. We're now in the phase of testing this hotfix. As soon as this hotfix is stable we're going to deploy this on production and will send out to our partners. All hosters which are hosting Workspace 365 will need to update the Workspace with the new provided package. Please keep this in to consideration.
Our team has found the cause of this issue and is working on a solution.
Try to click the retry button several times. This is refreshing your oAuth2 token.