diff --git a/src/runtime/server/lib/oauth/azureb2c.ts b/src/runtime/server/lib/oauth/azureb2c.ts
index 71da9e28..314d2754 100644
--- a/src/runtime/server/lib/oauth/azureb2c.ts
+++ b/src/runtime/server/lib/oauth/azureb2c.ts
@@ -81,8 +81,9 @@ export function defineOAuthAzureB2CEventHandler({ config, onSuccess, onError }:
 config.scope = [...new Set(config.scope)]
 // Create pkce verifier
- const verifier = await handlePkceVerifier(event)
- const state = await handleState(event)
+ const onlyConsume = !!query.code
+ const verifier = await handlePkceVerifier(event, { onlyConsume })
+ const state = await handleState(event, { onlyConsume })
 if (!query.code) {
 // Redirect to Azure B2C Oauth page
diff --git a/src/runtime/server/lib/oauth/kick.ts b/src/runtime/server/lib/oauth/kick.ts
index 016efa56..19d894d0 100644
--- a/src/runtime/server/lib/oauth/kick.ts
+++ b/src/runtime/server/lib/oauth/kick.ts
@@ -61,7 +61,8 @@ export function defineOAuthKickEventHandler({ config, onSuccess, onError }: OAut
 }
 // Create pkce verifier
- const verifier = await handlePkceVerifier(event)
+ const onlyConsume = !!query.code
+ const verifier = await handlePkceVerifier(event, { onlyConsume })
 const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
diff --git a/src/runtime/server/lib/oauth/zitadel.ts b/src/runtime/server/lib/oauth/zitadel.ts
index c2a85993..e8219921 100644
--- a/src/runtime/server/lib/oauth/zitadel.ts
+++ b/src/runtime/server/lib/oauth/zitadel.ts
@@ -70,8 +70,9 @@ export function defineOAuthZitadelEventHandler({ config, onSuccess, onError }: O
 const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
 // Create pkce verifier
- const verifier = await handlePkceVerifier(event)
- const state = await handleState(event)
+ const onlyConsume = !!query.code
+ const verifier = await handlePkceVerifier(event, { onlyConsume })
+ const state = await handleState(event, { onlyConsume })
 if (!query.code) {
 config.scope = config.scope || ['openid']
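Review bot: In azureb2c.ts the callback path can now see `state === undefined`, because with `onlyConsume` set `handleState` returns the cookie value as-is and no longer produces a fresh one when the `nuxt-auth-state` cookie is missing. The comparison against `query.state` sits outside this hunk; if it is a plain `query.state !== state`, a callback that has neither the cookie nor a `state` parameter compares `undefined` with `undefined` and is accepted, which weakens the CSRF protection the state value provides. I would make the absence explicit in that check, e.g. `if (!state || query.state !== state)`, and apply the same guard in the zitadel.ts hunk, which follows the identical pattern.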
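Review bot: In kick.ts `verifier.code_verifier` may be `undefined` on the callback when the `nuxt-auth-pkce` cookie is absent or expired, since `onlyConsume` suppresses generating a new one. The token request is outside this hunk, but it presumably forwards that value, so the failure would surface only as an opaque provider error, or not at all if the provider does not enforce PKCE. Rejecting early is clearer: `if (query.code && !verifier.code_verifier)` followed by the handler's existing error path. The azureb2c.ts and zitadel.ts hunks have the same gap.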
diff --git a/src/runtime/server/lib/utils.ts b/src/runtime/server/lib/utils.ts
index 699eda29..8777c702 100644
--- a/src/runtime/server/lib/utils.ts
+++ b/src/runtime/server/lib/utils.ts
@@ -181,10 +181,15 @@ function getRandomBytes(size: number = 32) {
 return getRandomValues(new Uint8Array(size))
 }
-export async function handlePkceVerifier(event: H3Event) {
+export async function handlePkceVerifier(
+ event: H3Event,
+ { onlyConsume }: { onlyConsume?: boolean } = {},
+) {
 let verifier = getCookie(event, 'nuxt-auth-pkce')
 if (verifier) {
 deleteCookie(event, 'nuxt-auth-pkce')
+ }
+ if (onlyConsume) {
 return { code_verifier: verifier }
 }
@@ -204,10 +209,12 @@ export async function handlePkceVerifier(event: H3Event) {
 }
 }
-export async function handleState(event: H3Event) {
+export async function handleState(event: H3Event, { onlyConsume }: { onlyConsume?: boolean } = {}) {
 let state = getCookie(event, 'nuxt-auth-state')
 if (state) {
 deleteCookie(event, 'nuxt-auth-state')
+ }
+ if (onlyConsume) {
 return state
 }
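Review bot: `handlePkceVerifier` gains an `onlyConsume` option without a doc comment, and the hunk changes two things a caller cannot read off the signature: the cookie is now deleted whenever it is present, and with `onlyConsume` the function returns `{ code_verifier: verifier }` even when `verifier` is `undefined`. A TSDoc block above the function should say that `onlyConsume` is intended for the callback leg, that the result may carry an undefined `code_verifier` which the caller must reject, and that without the option an existing cookie is discarded and execution continues past the early return. The rest of the body lies outside this hunk.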
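Review bot: With the early return now taken on `onlyConsume` alone, `handleState` can return `undefined`, yet the signature carries no return annotation, so the widened type is only inferred. Declaring it, `{ onlyConsume }: { onlyConsume?: boolean } = {}): Promise<string | undefined> {`, puts the new contract at the signature and keeps later edits from changing it silently. The function's tail is outside this hunk, so this assumes the remaining path still returns a string.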