Dealing with Oauth 2.0-facebook gem error 100: This authorization code has been used

前端 未结 6 1481
囚心锁ツ
囚心锁ツ 2021-02-07 05:44

I have been working on setting up facebook authentication for my rails app and while testing, after logging-in with my facebook account, I keep getting this error:



        
相关标签:
6条回答
  • 2021-02-07 06:22

    This bug occurred just after the last facebook push and has been reported to facebook just this morning.

    So I guess we just have to wait and, in the meantime, post more details to this report and follow it to both help and solicit facebook folks to solve this issue!

    0 讨论(0)
  • 2021-02-07 06:41

    I had this issue as well. I was seeing the "(facebook) Callback phase initiated." message twice in my Rails logs. It turns out that I was initializing FB authentication twice (I am using Devise and Omniauth-Facebook), and I'm guessing one of these was attempting to reset the access token.

    Disabling the initializer in Omniauth-Facebook (config/initializers/omniauth.rb) fixed my issue.

    0 讨论(0)
  • 2021-02-07 06:42

    I was incorrectly initializing OmniAuth twice, calling config/initializers/omniauth.rb twice.

    This would add OmniAuth::Builder twice to the middleware stack. With recent Facebook changes, this started failing with error 100.

    Making sure OmniAuth::Builder got added once I managed to solve this issue.

    To double check your middleware stack, run this:

    rake middleware
    
    0 讨论(0)
  • 2021-02-07 06:44

    I had the same problem and finally found what was the issue in my case. So for those, who has this problem and uses just Omniauth without Devise, the root cause of the problem might be in an incorrect route for redirection.

    1. Check you server development.log
    2. Find where it redirects (grep by "Redirected to")
    3. Here is the main point: Check in the log if the callback URL is correct

    In my case, in routes.rb I had, for example:

    get "mycontroller/home"
    

    which is okay, but in my SessionController I also had:

    def create
        auth_hash = request.env['omniauth.auth']
        user = User.from_omniauth(auth_hash)
        session[:user_id] = user.id
        redirect_to "mycontroller/home"
    end
    

    So I made it working by changing this line in the controller from:

    redirect_to "mycontroller/home"
    

    to

    redirect_to "/mycontroller/home"
    
    0 讨论(0)
  • 2021-02-07 06:45

    This is due to Facebook changes that have been optional up until now but will roll out 12/5/12 for everyone. From the Developer Roadmap for the Dec '12 breaking changes:

    New security restrictions for OAuth authorization codes We will only allow authorization codes to be exchanged for access tokens once and will require that they be exchanged for an access token within 10 minutes of their creation. This is in line with the OAuth 2.0 Spec which from the start has stated that "authorization codes MUST be short lived and single use". For more information, check out our Authentication documentation.

    You'll need to update your app to account for this.

    Cheers

    0 讨论(0)
  • 2021-02-07 06:45

    So I was able to work around this. It seems that my application was processing the facebook authentication, then trying to do it a second time and producing this error. Strange since I was trying to redirect to root_url. In any case, changing the page that I was redirecting to from "root_url" to "/" after storing the user info in my database seemed to make all the difference.

    I would suggest checking your development log to see if you're getting a similar error.

    0 讨论(0)
提交回复
热议问题