We Keep Coding

Facebook auth serverside calls back 2 times with the same code

On our server-side authentication with Facebook we get a random and weird issue. Facebook calls the call back URL two times with the same code. This is only happening for some users and not on every login.
This is the flow we have implemented on our side: https://developers.facebook.com/…/manually-build-a-login-fl… . We have been using it since the beginning of 2013 and we haven't noticed any issues so far.
And this is the error we get when we are exchanging the code for an access token the second time.
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100,"fbtrace_id":"traceID"}}
We tried to log this issue as a bug on https://developers.facebook.com/bugs but unfortunately it doesn't work.
It keeps showing unexpected error. Not to mention that i was unable to find the correct bug category.
Any idea on how we can fix this?
Thanks!

Could it be that users are clicking twice to process auth service? Try disabling the button before calling Facebook auth service

What language are you using?
I just had this problem in Ruby using Devise for Rails. I had created an omniauth.rb initializer file, and added a config line item in the devise.rb initializer file.
If you did this too, you can remove the omniauth.rb initializer file and you should be good to go!

Fitbit OAuth 2.0 and Unity Project (RestSharp as well)

I've been trying to get OAuth 2.0 to work correctly. I have managed to make the url that that will do the "deny/allow" for my app by opening a webpage with just
Application.OpenUrl(uri.ToString());
The problem is that I have no idea how to get the redirect and the auth token from the page if the user hits allow. When you hit allow, right now nothing happens it just sits on the page. Checking Networking in chrome debug does have the redirect and token there but it never actually sends it..
I was recommended to use RestSharp but I again have no idea how to use it with Unity as there are lot of resources for Android/iOS PC etc. but I can't get any of them to work for this Unity project...
var client = new RestClient("https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=*clientID*&redirect_uri=http%3A%2F%2FfitRPGcallback&scope=activity%20profile%20sleep%20social");
Debug.Log("client made");
var request = new RestRequest(Method.POST);
request.Resource = ("profile%20sleep%20social");
client.ExecuteAsync(request, response => { Debug.Log("response is : " + response.Content);});
Application.OpenURL(client.BaseUrl.ToString());
In the URL I do have the correct clientID in there as well just not sure what I can and can't show for security reasons etc.
Biggest problem is just having no idea how to get the return value from the webpage after the user hits allow/deny...
Any insights would be super super appreciated cause I just want to start making the actual game but there's not as much point if I can't get this data...

So, I'm posting on a few other applicable questions as well since I have finally figured out my answer.
Unfortunately I'm not using REST so that part is still up in the air BUT I did get it to work with just Fitbit, Unity and a Webview plugin (you will need a webview OR a way to get the initial code back from your first OAuth2 call)
You can find steps here.
http://technicalartistry.blogspot.nl/2015/07/oauth2-unity-and-month-of-cursing.html
EDIT:
So I had to change how I did it because Fitbit changed their ToS where we are no longer allowed to use Webview based Authenticators (which is what I was using in the above blogpost.)
Give this next post a look for how to make an Android Plugin that will grab the Accesstoken from Fitbit's OAuth. This is a FREE way to do it since you make it yourself and it's ezmode :)
http://technicalartistry.blogspot.ca/2016/01/fitbit-unity-oauth-2-and-native.html

redirect_uri and how to host callback.html on SoundCloud?

I am trying to access Soundcloud from a local HTML page on my laptop. I am stuck at the part of hosting "callback.html" as a redirect_uri. The script I am trying to run is the basic Authenication JavaScript from the Soundcloud documentation page:
<script src="http://connect.soundcloud.com/sdk.js"></script>
<script>
// initialize client with app credentials
SC.initialize({
client_id: 'my_client_id',
redirect_uri: 'http://127.0.0.1/Users/Maria/Documents/SoundcloudClient/callback.html'
});
// initiate auth popup
SC.connect(function() {
SC.get('/me', function(me) {
alert('Hello, ' + me.username);
});
});
</script>
This script gets me to the connect pop-up when I launch the page in Chrome and Firefox.
But, once I have logged in as a Soundcloud user, I get the following error:
Oops! Google Chrome could not connect to 127.0.0.1
If I change my redirect_uri to localhost I get the same error.
If I try:
files:///C:/Users/Maria/Documents/SoundcloudThinClient/callback.html
I get a similar error.
I also tried:
ocalhost:3000
and:
localhost:8080
even though I'm not sure what would be listening on those ports.
So, basically, I'm asking what path do I put for callback.html in order for this to work?
I confess I don't know how the redirct_uri actually functions. I looked at the Oauth pages for it, but I don't understand them. I am beginning to think that I can't simply create an HTML page, paste the JavaScript, create a callback.html file and have this work, even though the SC documentation seems to say that this is possible. If so, what steps am I missing?

I am beginning to attempt this. I believe you have to go to the developer site and sign up as having an app. The redirect uri is asked for and the form gives you an API key you can use in your app.
I'm using drupal so, perhaps adding the oath module and using Php to add the api key might work well.

I had the same problem and I think I solved it.
Morning-after-edit: I posted this dead-tired after working towards a solution through the night. Now, the day after, I realize that you were speaking about the general problem, whereof I face a very particular instance. The following only applies directly to registering soundcloudlabs' soundcloud-group-recorder: https://github.com/soundcloudlabs/soundcloud-group-recorder. There is probably a more general principle lurking behind there, though:
First: yes, you do have to register the app as your own at Soundcloud. At least I presumed so. And doing that, you must register correctly where on your server you will place the callback.html file. Take the ClientID assigned to your app and use that in the API intialize procedure.
Now, I'm a novice and know very little coding. But I started looking around in the main file, application.js.
At the top of the file there are two instances of client_id and redirect_uri each. I'm not sure if that serves a purpose or if one is technically superfluous. Through trial and error I found out that replacing the second instance of each with my own data worked.
Then there is groupId and groupUrl, both of which should contain your info, within quotation marks.
After a lot of trial and error, still having trouble getting the thing to run, I looked around and saw that, whereas early in the file, client_id was hooked within SC.initialize, redirect_uri was not. Under the line:
client_id: CLIENT_ID
I added:
redirect_uri: REDIRECT_URI
– with a customary comma in between. And that's it. It runs.

Facebook authentication within a Page Tab

According to the specification here: http://developers.facebook.com/docs/authentication/pagetab/ I want to autorize user with the server-side flow on page tab. I use PHP-SDK.
My redirect_uri parameter is build like that:
https://www.facebook.com/pages/null/PAGE_ID/app_YOUR_APP_ID
and I keep getting:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
I was trying many different settings combinations. Now I have filled fields: App Domains,Site URL,Canvas URL,Secure Canvas URL,Page Tab URL,Secure Page Tab URL but still without success. Addresses are ending with / and are all the same.
Link are build proper by the sdk. I test building it "by hand" without encoding of redirect_uri param and redirect link build like that:
https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
https://www.facebook.com/pages/Page_Title/PAGE_ID?sk=app_YOUR_APP_ID
Can someone tell me what i'm doing wrong?

The answer to that question is that facebook documentation is incorrect. Format of return_uri that worked is:
https://www.facebook.com/pages/null/PAGE_ID?sk=app_YOUR_APP_ID

The format of return_uri changed again, the new format is:
https://www.facebook.com/PAGE_NAME?sk=app_YOUR_APP_ID

Codeigniter Facebook app POST method AND query_string

I have a toy facebook app I'm playing with so I can understand how it all works. It's fine if you go the the app like this: http://apps.facebook.com/pushup-challenge/ (and connect it). But if you then go to it from your facebook page, FB uses the URL http://apps.facebook.com/pushup-challenge/?ref=bookmarks.
In my log file, I see that FB is POSTing the data and including the /?ref=bookmarks to it's call to my codeigniter system. This is causing it to either say "invalid URI parameters" or give me a 404, depending on if I've edited the system/core/URI.php file to add rawurlencode() to a particular call.
I've tried using mod_rewrite to get rid of the query_string, too, but since it's POSTing, it doesn't appear to be working (though I'm not exactly sure why).
Has anyone else run into this? How did you fix it?
Thanks in advance,
Hans

try $config['uri_protocol'] = “PATH_INFO”; and set enable_query_strings = TRUE
or
set
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-?=';
in config.php

Because it isn't calling your file by name (just ?ref=bookmarks) the server runs thru the standard default files: index.htm, index.html, index.asp. Because you need to accept a POST, you need a server that allows POSTs to htm & html if you choose to use those. Index.asp will accept POSTs on most servers, and that works for me.
SOLUTION: Add a file (index.asp), that calls the real app that you named in the App settings.