I have a simple sign-in button that directs the user to:
The callback request handler at CALLBACK_URL
grabs the code
parameter and passes it to:
and expects a response containing the access token (note that REQUEST_URL
is the URL of the incoming redirect from Facebook). This succeeds 99% of the time, but occasionally I get this:
{"error":{"message":"This authorization code has been used.", "type": "OAuthException","code": 100}}
.
I understand that the code can only be used once and has a life-span of 10 minutes, but we are immediately redeeming the code, and our logging indicates we are only sending it for an access token once.
Has anyone else seen this before?
Is it possible Facebook is sending back the wrong error?
in protected function
parseSignedRequest($signed_request
) just before return add these linesThis is a temporary solution and I'm not a Facebook developer.