We Keep Coding

Facebook auth serverside calls back 2 times with the same code

On our server-side authentication with Facebook we get a random and weird issue. Facebook calls the call back URL two times with the same code. This is only happening for some users and not on every login.
This is the flow we have implemented on our side: https://developers.facebook.com/…/manually-build-a-login-fl… . We have been using it since the beginning of 2013 and we haven't noticed any issues so far.
And this is the error we get when we are exchanging the code for an access token the second time.
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100,"fbtrace_id":"traceID"}}
We tried to log this issue as a bug on https://developers.facebook.com/bugs but unfortunately it doesn't work.
It keeps showing unexpected error. Not to mention that i was unable to find the correct bug category.
Any idea on how we can fix this?
Thanks!

Could it be that users are clicking twice to process auth service? Try disabling the button before calling Facebook auth service

What language are you using?
I just had this problem in Ruby using Devise for Rails. I had created an omniauth.rb initializer file, and added a config line item in the devise.rb initializer file.
If you did this too, you can remove the omniauth.rb initializer file and you should be good to go!

ref=ts on facebook app url cause app not found error

I've create an facebook app and it run smoothly at
https://apps.facebook.com/icoloringstar/
But the problem is: when I search my app name "icoloring star" in facebook, it link to the app at url:
https://apps.facebook.com/icoloringstar/?fb_source=search&ref=ts
Then facebook said that:
App "iColoring Star" is unavailable
The app "iColoring Star" is temporarily unavailable due to an issue with its third-party developer. We are investigating the situation and apologize for any inconvenience.
We found that url part "ref=ts" cause above problem, but really do not know why?
Could you explain me why and how to resolve this problem?
Thank you very much.

It sounds like your code is failing when the ref parameter is supplied in the request path.
I was able to repro this with any arbitrary value in the ref parameter when accessing your app
Check your server logs and and see if you're returning a 500 error to facebook when the request comes in
See if you have any code that parses a ref parameter and check it's not throwing exceptions
Make sure your callback URL in the app settings doesn't also specify a ref parameter or your app may receive two values and/or fail entirely

It means 'Top Search'. User enter a query into the top of search.
There are some ref parameters.. ref=bookmarks for example. I dont know the full list.
Did you put your app on Facebook App Center?

Facebook authentication within a Page Tab

According to the specification here: http://developers.facebook.com/docs/authentication/pagetab/ I want to autorize user with the server-side flow on page tab. I use PHP-SDK.
My redirect_uri parameter is build like that:
https://www.facebook.com/pages/null/PAGE_ID/app_YOUR_APP_ID
and I keep getting:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
I was trying many different settings combinations. Now I have filled fields: App Domains,Site URL,Canvas URL,Secure Canvas URL,Page Tab URL,Secure Page Tab URL but still without success. Addresses are ending with / and are all the same.
Link are build proper by the sdk. I test building it "by hand" without encoding of redirect_uri param and redirect link build like that:
https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
https://www.facebook.com/pages/Page_Title/PAGE_ID?sk=app_YOUR_APP_ID
Can someone tell me what i'm doing wrong?

The answer to that question is that facebook documentation is incorrect. Format of return_uri that worked is:
https://www.facebook.com/pages/null/PAGE_ID?sk=app_YOUR_APP_ID

The format of return_uri changed again, the new format is:
https://www.facebook.com/PAGE_NAME?sk=app_YOUR_APP_ID

Trying to get OAuth dialog to work

I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.

So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.

API Error Code: 191 (using ASP.Net)

Guys here is my configuration for my facebook app, please tell me if I'm missing anything:
Basic Info-------------
App Namespace: footygo
App Domain: footygo.com
Website----------------
Site URL: http://www.footygo.com
App on Facebook-------
Canvas URL: http://www.footygo.com/canvas/
Secure Canvas URL: https://www.footygo.com/canvas/
Canvas Page: http://apps.facebook.com/footygo
My application contains a folder named Canvas/ which contains all the facebook pages. The Canvas folder contains two files at the moment, namely: Default.aspx and Setup.aspx
Within my web.config file, I have set the following information:
PostAuthorizeRedirectURL="Setup.aspx"
I also tried varying with PostAuthorizeRedirectURL="Canvas/Setup.aspx" to no avail.
I am consistently getting the following error message:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
What is the issue? Do you guys have any ideas? This is my first facebook app, and it's not working out as I thought it would :(
Thank you for your time and patience, and sorry if this question has already been posted numerous times. I went through most (but not all) of the 191 error questions but couldn't find anything of value.
Please let me know if you have any idea about what's going on. My release date is less than 24 hours away!
Humble Regards,
Rowan R.

You need to use the full URL. The redirect_uri must be within the same domain name as what is listed in the settings in Facebook.
PostAuthorizeRedirectURL="http://www.footygo.com/canvas/Setup.aspx"

Thanks for your reply Adam!
However I figured out what was wrong and got it to work! It wasn't the PostAuthorizeRedirectURL, it was actually the URL I was using to access my app!
I was accessing my app using https://apps.facebook.com/xxxxxxxxx where xxxxxxx is my app's id. That did not work (at first). I then tried accessing my app using it's app name, i.e. https://apps.facebook.com/xyz and it worked!
All I can say is... the facebook platform sucks.