Passport: "This authorization code has been used" error in passport-facebook

Created on 1 Mar 2013  路  12Comments  路  Source: jaredhanson/passport

This is my piece of code

var passport = require('passport')
  , FacebookStrategy = require('passport-facebook').Strategy;

passport.use(new FacebookStrategy({
    clientID: <some_id>,
    clientSecret: '<some_secret>',
    callbackURL: "http://localhost:3000/auth/facebook/callback"
  },
  function(accessToken, refreshToken, profile, done) {
    console.log("Auth done");
  }
));

app.get('/auth/facebook', passport.authenticate('facebook'));

app.get('/auth/facebook/callback', 
  passport.authenticate('facebook', { successRedirect: '/',
                                      failureRedirect: '/login' }));

First time after authorization it succeeds and and print "Auth done" for me and i can also see "authToken" and all other params coming. After that i think from the callback url i get below error.

failed to obtain access token (status: 400 data: {"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}})
    at 
node_modules/passport-facebook/node_modules/passport-oauth/lib/passport-oauth/strategies/oauth2.js:125:38
    at exports.OAuth2.getOAuthAccessToken 
(node_modules/passport-facebook/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:131:18)
    at passBackControl 
(node_modules/passport-facebook/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:77:9)
    at IncomingMessage.exports.OAuth2._request.request.on.callbackCalled (node_modules/passport-facebook/node_modules/passport-oauth/node_modules/oauth/lib/oauth2.js:94:7)
    at IncomingMessage.EventEmitter.emit (events.js:126:20)
    at IncomingMessage._emitEnd (http.js:366:10)
    at HTTPParser.parserOnMessageComplete [as onMessageComplete] (http.js:149:23)
    at CleartextStream.socketOnData [as ondata] (http.js:1367:20)
    at CleartextStream.CryptoStream._push (tls.js:526:27)
    at SecurePair.cycle (tls.js:880:20)

Not able to figure out if i am doing something incorrectly.

Most helpful comment

You need to call done() inside of your FacebookStrategy callback. For testing you could just do

function(accessToken, refreshToken, profile, done) {
console.log("Auth done");
done(null, profile);
}

All 12 comments

You need to call done() inside of your FacebookStrategy callback. For testing you could just do

function(accessToken, refreshToken, profile, done) {
console.log("Auth done");
done(null, profile);
}

Thanks a lot. That worked !!!

I'm getting this issue with may appp.
In localhost it runs fine, but when I deploy to cloudfoundry I can't connect with facebook!!

Any Ideas?

Thanks!

@jimmyjacobson
thanks. you saved my day.

thanks a lot. in my case, i had a typo, but reading this was what spurred me to catch the typo. definitely needed is the:
done(null, ..whatever..);

I have the same same error and I have tried every possible code but still it doesn't works.

(accessToken, refreshToken, profile, done) => {
      User.findOne({ facebookId: profile.id }, (err, user) => {
        if(err) { return next(err); }
        if(!user) {
          // If user is not registered
          // Create new user
          console.log(profile);
          newUser = new User({
            firstname: profile._json.first_name,
            lastname: profile._json.last_name,
            // email: profile.email,
            facebookId: profile.id
          });
          // Save user
          newUser.save((error) => {
            if(error) {
              console.log(error);
            }
            return done(err, newUser);
          });

        } else {
          return done(err, user);
        }
      });
  }));
};

any resolutions on this? still stuck on the same problem

same issue

any solutions?

@kiknag
On line 3 have you tried using "done" instead of "next"
if(err) { return next(err); } -> if(err) { return done(err); }

If you're getting this its possible youre redirecting back to the auth route after successfully authenticating once.

If you're getting this its possible youre redirecting back to the auth route after successfully authenticating once.

That was my issue. Dumb, but I'd swapped the redirects for the original call and the callback.

To paraphrase Deep Throat: follow the routes.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

angel1st picture angel1st  路  5Comments

AdityaAnand1 picture AdityaAnand1  路  4Comments

wongeun picture wongeun  路  4Comments

scan picture scan  路  7Comments

callumacrae picture callumacrae  路  5Comments