Facebook: “This authorization code has been used.”,“type”:“OAuthException”,“code”:100

Question

I just upgraded to PHP 5.4.19 and facebook-php-sdk-v4.

Is it just me or has FB made the integration deliberately difficult?! For instance, I don\'t use Composer (ca

Answer 1

Ladies and Gentlemen, I resolved it all - I just needed to use $access_token = $session->getToken();. This helped me negate the call for code exchange which was causing OAuthException because Facebook has since changed their policy on the exchange code from being used more than once.

Now "App Secret Proof for Server API calls" is properly enabled under the App advanced settings tab as recommended by Facebook.

So the specific solution in complete:

$app_id = 'APPID'; $app_secret = 'APPSECRET';
FacebookSession::setDefaultApplication($app_id, $app_secret);
$redirect_url = "https://mydomain.com/login";
$helper = new FacebookRedirectLoginHelper($redirect_url);

try {
    $session = $helper->getSessionFromRedirect();
} catch (FacebookRequestException $ex) {
} catch (Exception $ex) {
}

if (isset($session)) {
    $access_token = $session->getToken();
    $appsecret_proof = hash_hmac('sha256', $access_token, $app_secret);
    $request = new FacebookRequest($session, 'GET', '/me', array("appsecret_proof" =>  $appsecret_proof));
    $response = $request->execute();
    $graphObject = $response->getGraphObject();

   echo print_r($graphObject, 1);
} else {
    echo '<a href="' . $helper->getLoginUrl() . '">Login</a>';
}