
Dealing with OAuth 2.0-facebook gem error 100: This authorization code has been used

I have been working on setting up Facebook authentication for my Rails app and while testing, after logging in with my Facebook account, I keep getting this error:

OAuth2::Error:
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}

I'm not really sure where to begin with this, but can't seem to find anything else online about it. Any guidance would be appreciated, happy to provide more info if it would be useful.

I had this issue as well. I was seeing the "(facebook) Callback phase initiated." message twice in my Rails logs. It turns out that I was initializing FB authentication twice (I am using Devise and Omniauth-Facebook), and I'm guessing one of these was attempting to reset the access token.

Disabling the initializer in Omniauth-Facebook (config/initializers/omniauth.rb) fixed my issue.

This is due to Facebook changes that have been optional up until now but will roll out 12/5/12 for everyone. From the Developer Roadmap for the Dec '12 breaking changes:

New security restrictions for OAuth authorization codes

We will only allow authorization codes to be exchanged for access tokens once and will require that they be exchanged for an access token within 10 minutes of their creation. This is in line with the OAuth 2.0 Spec which from the start has stated that "authorization codes MUST be short lived and single use". For more information, check out our Authentication documentation.

You'll need to update your app to account for this.

Cheers

This bug occurred just after the last Facebook push and has been reported to Facebook just this morning.

So I guess we just have to wait and, in the meantime, post more details to this report and follow it to both help and solicit Facebook folks to solve this issue!

I was incorrectly initializing OmniAuth twice, calling config/initializers/omniauth.rb twice.

This would add OmniAuth::Builder twice to the middleware stack. With recent Facebook changes, this started failing with error 100.

Making sure OmniAuth::Builder got added once, I managed to solve this issue.

To double check your middleware stack, run this:

rake middleware
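
A simplified model of the failure the answers above describe, as an added example that is not part of any answer and is not OmniAuth or Facebook code: an authorization server enforcing the single-use, 10-minute rule from the roadmap quote, with a callback middleware mounted once or twice. The class names, the code "abc", the token format and every error string other than "This authorization code has been used." are constructed for illustration.

```ruby
# Constructed model, not OmniAuth or Facebook code.
class CodeRejected < StandardError; end
# Authorization server enforcing single-use codes with a 10-minute lifetime.
class AuthServer
  TTL = 600 # seconds
  def initialize
    @issued = {} # code => issue time
    @used = {}   # code => true once exchanged
  end

  def issue(code, now)
    @issued[code] = now
  end

  def exchange(code, now)
    raise CodeRejected, "unknown code" unless @issued.key?(code)
    raise CodeRejected, "This authorization code has been used." if @used[code]
    raise CodeRejected, "code expired" if now - @issued[code] > TTL
    @used[code] = true
    "token-for-#{code}"
  end
end

# Stand-in for a callback-phase middleware: exchange the code, then pass the
# request down the stack, where a second copy would see the same code again.
class CallbackMiddleware
  def initialize(app, server, clock)
    @app, @server, @clock = app, server, clock
  end

  def call(env)
    env[:token] = @server.exchange(env[:code], @clock.call) if env[:path] == "/auth/facebook/callback"
    @app.call(env)
  end
end

# Build a stack with `copies` callback middlewares and replay one callback
# that arrives `age` seconds after the code was issued.
def run_callback(copies, age: 0)
  server = AuthServer.new
  server.issue("abc", 0)
  app = ->(env) { "logged in with #{env[:token]}" }
  copies.times { app = CallbackMiddleware.new(app, server, -> { age }) }
  app.call({ path: "/auth/facebook/callback", code: "abc" })
rescue CodeRejected => e
  "error: #{e.message}"
end

puts run_callback(1), run_callback(2), run_callback(1, age: 601)
```

With one copy the exchange succeeds; with two, the outer copy consumes the code and the inner copy's exchange is rejected, which is the same symptom as seeing the callback phase logged twice.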

I had the same problem and finally found what the issue was in my case. So for those who have this problem and use just Omniauth without Devise, the root cause of the problem might be an incorrect route for redirection.

  1. Check your server development.log
  2. Find where it redirects (grep by "Redirected to")
  3. Here is the main point: Check in the log if the callback URL is correct

In my case, in routes.rb I had, for example:

get "mycontroller/home"

which is okay, but in my SessionController I also had:

def create
    auth_hash = request.env['omniauth.auth']
    user = User.from_omniauth(auth_hash)
    session[:user_id] = user.id
    redirect_to "mycontroller/home"
end

So I made it work by changing this line in the controller from:

redirect_to "mycontroller/home"

to

redirect_to "/mycontroller/home"

So I was able to work around this. It seems that my application was processing the Facebook authentication, then trying to do it a second time and producing this error. Strange since I was trying to redirect to root_url. In any case, changing the page that I was redirecting to from "root_url" to "/" after storing the user info in my database seemed to make all the difference.

I would suggest checking your development log to see if you're getting a similar error.
