About a week ago Facebook login on my website worked correctly, but now when I'm trying to retrieve an access token using "code" I get the error "This authorization code has been used". I've checked a lot of docs and suggestions, but without any result.
Steps to reproduce (used FB PHP SDK):
- Send user to FB auth with correct urlencoded return uri (with trailing slash):
  https://www.facebook.com/dialog/oauth?client_id=[my_cid]&redirect_uri=http%3A%2F%2Fmydomain.com%2Fauth%2Ffacebook%2F&state=e15e0894cd922098f9f8f340c820538d&scope=email&display=page
- Receiving code param on my redirect uri (everything goes fine)
- Sending request for access token:
  https://graph.facebook.com/oauth/access_token?client_id=[my_cid]&redirect_uri=http%3A%2F%mydomain.com%2Fauth%2Ffacebook%2F&client_secret=[my_secret]&code=[long_code_goes_here]
I also tried a non-urlencoded redirect_uri.
Why?
This is due to Facebook changes that have been optional up until now but will roll out 12/5/12 for everyone. From the Developer Roadmap for the Dec ’12 breaking changes:
So, when you first get an access_token for a user, you need to store it and then explicitly set it the next time the user needs to interact with the FBAPI: $facebook->setAccessToken($theToken);
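An added example (not from the original answer and not Facebook's own code) of a handler for the redirect URI in the question: it exchanges the single-use code once, stores the token in the session, and passes the stored token to setAccessToken() on later requests. The session keys, environment variable names and SDK include path are assumptions, and `oauth_state` is assumed to have been saved in the session when the login URL was built.

```php
<?php
session_start();
require_once 'facebook.php';   // legacy Facebook PHP SDK 3.x; include path is an assumption
// Must be byte-for-byte the redirect_uri that was sent to the login dialog.
const REDIRECT_URI = 'http://mydomain.com/auth/facebook/';

$appId  = getenv('FB_APP_ID');      // assumed environment variable names
$secret = getenv('FB_APP_SECRET');
$facebook = new Facebook(array('appId' => $appId, 'secret' => $secret));

// Exchange the authorization code for a token; the code is single-use, so call this once per code.
function exchangeCode($appId, $secret, $code)
{
    $url = 'https://graph.facebook.com/oauth/access_token?' . http_build_query(array(
        'client_id'     => $appId,
        'redirect_uri'  => REDIRECT_URI,   // http_build_query() encodes it exactly once
        'client_secret' => $secret,
        'code'          => $code,
    ));
    $body = @file_get_contents($url);
    if ($body === false) {
        return null;
    }
    $json = json_decode($body, true);       // newer Graph API versions answer in JSON
    if (!is_array($json)) {
        parse_str($body, $json);            // older versions answer as a query string
    }
    return isset($json['access_token']) ? $json['access_token'] : null;
}

if (!empty($_SESSION['fb_token'])) {
    // Token stored by an earlier request: reuse it, never re-send the old code.
    $facebook->setAccessToken($_SESSION['fb_token']);
} elseif (isset($_GET['code'], $_GET['state'], $_SESSION['oauth_state'])
    && is_string($_GET['code']) && is_string($_GET['state'])
    && hash_equals($_SESSION['oauth_state'], $_GET['state'])) {
    unset($_SESSION['oauth_state']);        // the state value is single-use as well
    $token = exchangeCode($appId, $secret, $_GET['code']);
    if ($token === null) {
        http_response_code(502);
        exit('Token exchange failed');
    }
    $_SESSION['fb_token'] = $token;
    header('Location: ' . REDIRECT_URI);    // drop ?code= so a reload cannot replay it
    exit;
} else {
    http_response_code(400);
    exit('Missing or invalid state parameter');
}
```

A stored token still expires; when a Graph call fails with an OAuth error, clear the session entry and send the user through the login dialog again.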