I have this error (TokenError: Bad Request) on prod, but not always just sometimes we catch it, and I wondering what the reason, my investigation result is that inside passport logic we make request to Google to try get token and get broken response, finally I could reproduce the error, during Google login process, front send request to back like this (http://localhost:3000/auth/google/redirect?code=4%2F0Ad....) the key is the code parameter, so if we try to make the request second time with the same code we get the error.
I suppose it happens because we already used code to authorize user, but main question WHY AND HOW it happens on front-end, why we make this request second time it is mystery for me, and additionally I reproduce the error accidentally, I found URL in Chrome history it was yesterday but today the URL is gone) can't find it, some thoughts?
I work with Node.js v16, nestjs v9.0, nestjs/passport v9.0, passport-google-oauth20 V2.0, passport-jwt - V4.0
My investigation results are:
- The browser can send second request when for a long time have no response
- The browser can send second request when we try to send request using HTTP but not HTTPS, and depends on server setting browser can modify request and send it second time