Facebook OAuthException: This authorization code has been used

facebook omniauth koala

Kapil Gupta · Dec 7, 2012 · Viewed 7.4k times · Source

This question is related to this question already asked.

Does this Facebook change mean that we have to store the user token returned the first time and reuse that for all subsequent Facebook requests? What happens if we do not store this user token - can we request it again? If yes, how do we do that?

Also, when does the user token expire, if it ever expires?

Answer

This documentation shows how to get data about an access_token. You make a call to:

https://graph.facebook.com/debug_token?input_token=INPUT_TOKEN&access_token=ACCESS_TOKEN

Best practice is to store an access token and its expiration. This documentation shows how to extend a session.

Note this quote found in the 2nd link:

When a user completes a client-side auth flow and you retrieve their User Access Token, by default you'll receive a short-lived token that is only valid for 1-2 hours. There is no Javascript SDK function to help extend this, however, you can exchange this token for a longer lived one (valid to 60 days)

Facebook OAuthException: This authorization code has been used

Answer

Related questions