Habitica: Facebook "Authorization code has been used"
We're getting a _lot_ of complaints from Facebook-authorized users getting an Application Error or {"err":"This authorization code has been used."} when trying to login with the Facebook button. Their accounts are still intact, no duplicates. I can't replicate on my part, but there's quite a few mentions out there on the web (eg https://github.com/jaredhanson/passport-facebook/issues/93, and others). PS, all complaints have come to me via email instead of GH.
Some possibilities that come to mind:
- Maybe {scope:'email'} causes issues for Facebook-registrations which don't authorize email access? Possibly for users who'd reg'd without that scope, and now we've enabled it it causes issues? (@paglias would you know by chance?)
- We didn't implement passport-facebook quite per it's boilerplate. I've scratched together a quick refactor here that's more to their tune. I don't know that it would make a difference, but it's worth a shot. Before doing that though, @paglias I wanna check with you if this would cause any problems per
req.language? - Maybe something on Facebook's backend has changed recently? I've upgraded
passport-facebookto~1.0.3ee879de, but I didn't see any of its commits addressing Facebook backend changes. This all started occuring ~10/29, and I don't see anything significant in our code right before then re: Facebook.
In the meantime anyone who needs to get into their account now, follow these instructions for me to port your account from FB to local-auth
lefnire
All 25 comments
Maybe it's just that the authorization code they have signed up with have expired?
paglias
on 5 Nov 2014
paglias
on 5 Nov 2014
{scope:email} has been there for quite a long time now so I don't think it could be the cause
paglias
on 5 Nov 2014
Ohhh!, nice lead @paglias! I'll investigate that asap. We're not using the access & refresh tokens at all, and very likely should be.
[Edit] Actually, we're not depending on any tokens in any way in the app. Refreshing access tokens is for apps which maintain connection to Facebook in some way, eg to post on their wall or whatever. Our app just uses it is "login and forget", so all token stuff should be handled automatically by the Facebook page, redirected to by Passport. That being the case, I'd think it's an issue with their browser maintaining the accessToken, and a clear-cache would do the trick - but that's obviously not the case.
lefnire
on 5 Nov 2014
Could someone experiencing this issue try something for me: Remove HabitRPG from your Facebook Apps and try logging in again. Here are the instructions.
lefnire
on 5 Nov 2014
Hi, I've been experiencing this issue since yesterday. I tried removing HabitRPG from my Facebook Apps, but still receive the Application Error.
LivingShinigami
on 5 Nov 2014
I've tried the following:
- Login with an old FB account -> OK
- Delete it, create a new FB account -> OK
- Login with the new account -> OK
The only thing I noticed is that it first redirects you to the static front and from there to the app instead of directly to the app but I don't think it's related
paglias
on 5 Nov 2014
Tried the method @lefnire but no dice. It goes as far as to go to facebook and ask to allow habitRPG to view my facebook profile. After that the same error occurs.
GuiHarrison
on 5 Nov 2014
I've just now pushed a new commit which tries a callback "buster" a la http://stackoverflow.com/questions/19047980/facebook-oauth-login-access-token-api-returning-this-authorization-code-has-b , could y'all try another login attempt?
lefnire
on 5 Nov 2014
Different error code now:
{"err":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
LivingShinigami
on 5 Nov 2014
Ok, in the meantime anyone who needs to get into their account now, follow these instructions for me to port your account from FB to local-auth
lefnire
on 5 Nov 2014
I've been having this same issue since yesterday around noon on my desktop. Cleared cache, hard refreshed, signed in and out of facebook, changed the app settings around, etc... and nothing changed. However, I discovered I don't have issues with it when I try it with Firefox instead of my usual Chrome. I've tried Internet Explorer and it is also giving me the same message. On my iPad, I can still access everything through the Chrome app, though I haven't dared to close that window since the issues on my desktop.
LlamaHobbit
on 5 Nov 2014
I've pushed a proof-of-concept of logging in using the Facebook JS SDK (instead of Passport) to beta.habitrpg.com, could someone try that out?
lefnire
on 6 Nov 2014
Yes! It worked in Chrome for me!
LlamaHobbit
on 6 Nov 2014
Yeah!?? Ok, I'll keep at implementing the javascript setup then. Right now it won't work for new registrations (I need to code a bit in for that)
lefnire
on 6 Nov 2014
Oo, won't work on IE. :( It blocked a popup from the Beta, and even though I let it through, it logged me in on FB, and then just went back to the beta static front without logging me in. But Chrome works well with the beta thing. Hooray! and tyvm
LlamaHobbit
on 6 Nov 2014
beta.habitrpg.com worked for me on Chrome and Firefox
chesterguara
on 6 Nov 2014
Voila! Could any devs do a once-over on 8651f0d to make sure I didn't miss anything? @paglias I think I made sure to cover all the req.language requirements
lefnire
on 6 Nov 2014
@lefnire req.language is ok, just tested!
paglias
on 7 Nov 2014
Thanks!
On Fri, Nov 7, 2014 at 12:11 PM, Matteo Pagliazzi [email protected]
wrote:
@lefnire https://github.com/lefnire req.language is ok, just tested!
—
Reply to this email directly or view it on GitHub
https://github.com/HabitRPG/habitrpg/issues/4221#issuecomment-62196112.
lefnire
on 7 Nov 2014
I am seeing this in my app as well. Issue started to come up all of a sudden.
Is there something that I need to be looking at?
FacebookTokenError: This authorization code has been used.
at Strategy.parseErrorResponse (/Applications/MAMP/htdocs/ride/node_modules/passport-facebook/lib/strategy.js:198:12)
at Strategy.OAuth2Strategy._createOAuthError (/Applications/MAMP/htdocs/ride/node_modules/passport-facebook/node_modules/passport-oauth2/lib/strategy.js:345:16)
at /Applications/MAMP/htdocs/ride/node_modules/passport-facebook/node_modules/passport-oauth2/lib/strategy.js:171:43
at /Applications/MAMP/htdocs/ride/node_modules/passport-facebook/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:177:18
at passBackControl (/Applications/MAMP/htdocs/ride/node_modules/passport-facebook/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:124:9)
at IncomingMessage.<anonymous> (/Applications/MAMP/htdocs/ride/node_modules/passport-facebook/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:143:7)
at IncomingMessage.emit (events.js:117:20)
at _stream_readable.js:944:16
at process._tickCallback (node.js:442:13)
amitverma
on 25 May 2015
@amitverma Since it sounds like you're having an issue with your own app, and not Habit, I would look at the passport issue listed above: https://github.com/jaredhanson/passport-facebook/issues/93
crookedneighbor
on 25 May 2015
I solved this error. Follow the progress.
Facebook Log in -> Settings -> Apps -> Logged in with Facebook -> Delete Your apps.
After deleting your apps, Try to login with Facebook button.
TigMonkey
on 24 Oct 2017
@TigMonkey is good, but for the futures users?
trixobase
on 9 May 2019
What worked for me was putting:
app.use(passport.initialize());
app.use(passport.session());
before any other app.use. I was having a middleware error as well as the code been used one, this resolved both.
J-Kazama
on 1 May 2020
Related issues
Alys
·
4Comments
evanostroski
·
4Comments
Alys
·
4Comments
Frownigami1
·
4Comments
Alys
·
3Comments
Most helpful comment
I solved this error. Follow the progress.
Facebook Log in -> Settings -> Apps -> Logged in with Facebook -> Delete Your apps.
After deleting your apps, Try to login with Facebook button.