All geek questions in one place

It is not possible to allow the user in the JS SDK for Facebook: "This authorization code has been used." or how to get a new authorization token?

I am trying to use Facebook to authenticate users. It works fine except for Ajax calls. In most cases, it just sends the old token, and I get:

{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}

So what I tried to do is wrap each ajax call with

 FB.getLoginStatus(function(response) { if (response.status === 'connected') { return fn(); ...

this did not work, so I added: true as the getLoginStatus parameter to prevent caching:

 FB.getLoginStatus(function(response) { if (response.status === 'connected') { console.log('connected'); fn(); } else if (response.status === 'not_authorized') { console.log('not_authorized); } else { console.log('not_logged_in'); } },true);

Excellent! It is also terribly slow. Am I doing something wrong? Can I get a new token after each action, so I don’t have to wait until the next?

Thanks w

+6
source share
1 answer

Here's what Facebook says:

“New security restrictions for OAuth authorization codes. We only allow the exchange of authorization codes for access to access tokens and require that they be exchanged for an access token within 10 minutes of their creation. This is in accordance with the OAuth 2.0 Spec, which from the very beginning stated that “authorization codes MUST be short and one-time.” For more information, check out our authentication documentation.

How to do this, use the extension of your api access token:

https://developers.facebook.com/docs/howtos/login/extending-tokens/

+15
source

Source: https://habr.com/ru/post/943657/

More articles:


All Articles