Can not authorise user in Facebook JS SDK : "This authorization code has been used." or how to get new authorisation token?

wonglik picture wonglik · Apr 25, 2013 · Viewed 33.5k times · Source

I am trying to use Facebook to authenticate users. It works ok except for Ajax calls. Most of the times it just send old token and I get :

{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}

So what I tried doing is wrapping every ajax call with

FB.getLoginStatus(function(response) {
        if (response.status === 'connected') {
            return  fn();
            ...

this did not worked so I've added : true as parameter to getLoginStatus to prevent caching :

FB.getLoginStatus(function(response) {
        if (response.status === 'connected') {
            console.log('connected');
            fn();
        } else if (response.status === 'not_authorized') {
            console.log('not_authorized);
        } else {
            console.log('not_logged_in');
        }
    },true);

Great! Except it is terribly slow. Am I doing something wrong? Can I get new token after each action so I do not need to wait before the next one?

Thanks W

Answer

dacopenhagen picture dacopenhagen · Apr 25, 2013

Here's what Facebook says:

"New security restrictions for OAuth authorization codes. We will only allow authorization codes to be exchanged for access tokens once and will require that they be exchanged for an access token within 10 minutes of their creation. This is in line with the OAuth 2.0 Spec which from the start has stated that "authorization codes MUST be short lived and single use". For more information, check out our Authentication documentation.

The way around this is to use the extending your access token api:

https://developers.facebook.com/docs/howtos/login/extending-tokens/