diff --git a/lib/omniauth/strategies/microsoft_graph.rb b/lib/omniauth/strategies/microsoft_graph.rb
index 3cef1c4..1d23781 100644
--- a/lib/omniauth/strategies/microsoft_graph.rb
+++ b/lib/omniauth/strategies/microsoft_graph.rb
@@ -83,6 +83,10 @@ def custom_build_access_token
 def get_access_token(request)
 verifier = request.params['code']
 redirect_uri = request.params['redirect_uri'] || request.params['callback_url']
+
+ log_message("[OAUTH DEBUG 2024-09-24] request.body.read: #{request.body.read}")
+ request.body.rewind
+
 if verifier && request.xhr?
 client_get_token(verifier, redirect_uri || '/auth/microsoft_graph/callback')
 elsif verifier
@@ -131,6 +135,10 @@ def verify_token(access_token)
 def verify_email(auth_hash, access_token)
 OmniAuth::MicrosoftGraph::DomainVerifier.verify!(auth_hash, access_token, options)
 end
+
+ def log_message(message)
+ puts message
+ end
 end
 end
 end
diff --git a/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb b/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
index b87a84c..dc5df6e 100644
--- a/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
+++ b/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
@@ -315,11 +315,14 @@
 end
 describe 'build_access_token' do
+ let(:body) { StringIO.new(%({"code":"json_access_token"})) }
+
 it 'should use a hybrid authorization request_uri if this is an AJAX request with a code parameter' do
 allow(request).to receive(:scheme).and_return('https')
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(true)
 allow(request).to receive(:params).and_return('code' => 'valid_code')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)
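Review bot: The added `log_message(... #{request.body.read})` line in `get_access_token` writes the whole raw request body to the process output on every token exchange, and at this point the body can carry the authorization `code` (the spec's JSON-body case posts `{"code": ...}`) and, for form posts, possibly tokens. These are credentials and should not reach log storage; drop the line before merging, or log only non-secret metadata, for example `log :debug, "token request content_type=#{request.content_type} param_keys=#{request.params.keys.inspect}"` (assuming the strategy inherits `OmniAuth::Strategy#log`). The read is also unguarded: it assumes `request.body` is non-nil and rewindable, and it does not rewind before reading, so a body already consumed upstream would log as empty. The body of `get_access_token` continues outside the hunk.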
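Review bot: `log_message` prints with `puts`, which bypasses the logger configured for OmniAuth, so its output has no level and cannot be filtered or switched off per environment. If a helper is kept at all, it should route through the inherited strategy logger, `log :debug, message`, and carry a comment such as `# Debug-only; never pass request bodies, codes or tokens.` Whether the method sits under a `private` section cannot be seen from the hunk, because the class body starts outside it; it should not become part of the strategy's public interface.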
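Review bot: The `allow(request).to receive(:body).and_return(body)` stub added here exists only so the new debug read does not fail on the request double; no example asserts anything about the behaviour the commit introduces. Two checks are missing: that the body is still readable from the start after the call (for example `expect(body.read).to eq(%({"code":"json_access_token"}))` after the token is built), and that the code value is not written out (`expect { ... }.not_to output(/json_access_token/).to_stdout` around the call). The same stub is repeated in the hunks at -337, -354, -370 and -403; a single `before { allow(request).to receive(:body).and_return(body) }` next to the new `let(:body)` would keep it in one place. The `describe 'build_access_token'` block continues outside this hunk.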
@@ -337,6 +340,7 @@
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(true)
 allow(request).to receive(:params).and_return('code' => 'valid_code', 'callback_url' => 'localhost')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)
@@ -354,6 +358,7 @@
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:params).and_return('code' => 'valid_code', 'callback_url' => 'callback_url')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)
@@ -370,6 +375,7 @@
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:params).and_return('access_token' => 'valid_access_token')
+ allow(request).to receive(:body).and_return(body)
 expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
 expect(subject).to receive(:client).and_return(:client)
@@ -380,7 +386,6 @@
 end
 it 'reads the code from a json request body' do
- body = StringIO.new(%({"code":"json_access_token"}))
 client = double(:client)
 auth_code = double(:auth_code)
@@ -403,6 +408,7 @@
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:params).and_return('code' => 'valid_code')
 allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)