I am trying to use Facebook to authenticate users. It works ok except for Ajax calls. Most of the times it just send old token and I get :
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}
So what I tried doing is wrapping every ajax call with
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
return fn();
...
this did not worked so I've added : true as parameter to getLoginStatus to prevent caching :
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
console.log('connected');
fn();
} else if (response.status === 'not_authorized') {
console.log('not_authorized);
} else {
console.log('not_logged_in');
}
},true);
Great! Except it is terribly slow. Am I doing something wrong? Can I get new token after each action so I do not need to wait before the next one?
Thanks W
Here's what Facebook says:
"New security restrictions for OAuth authorization codes. We will only allow authorization codes to be exchanged for access tokens once and will require that they be exchanged for an access token within 10 minutes of their creation. This is in line with the OAuth 2.0 Spec which from the start has stated that "authorization codes MUST be short lived and single use". For more information, check out our Authentication documentation.
The way around this is to use the extending your access token api:
https://developers.facebook.com/docs/howtos/login/extending-tokens/