FacebookAuthorizationCodeUsedException when fetching a page access token

StackOverflow https://stackoverflow.com/questions/17353272

Question

I have existing code that uses a constant value for clientID to fetch a FacebookPage access token. That static value comes from when I deploy to GAE. But since I have many appIDs, I would like this to be dynamic instead. This is the line that completes the authorization and spits out a code:

String url = "https://www.facebook.com/dialog/oauth" + "?client_id=" + 
FacebookHelper.app().getAppId() + "&redirect_uri=" 
+getCallbackUrlForPageManager(stationId) + "&scope=" + permissions;

So instead of FacebookHelper.app().getAppId() (the constant value), I fetch a station object from stationID, and then fetch its String AppID.

I have absolutely, 100%, confirmed that the request and callback URLs match:

INFO :FacebookPageOAu:16-51-50:OAuthUrl.PageManager: https://www.facebook.com/dialog/oauth?client_id=370611419689390&redirect_uri=http://dwinq-monolith-dev.appspot.com/facebookPageOAuth/pageManager/1&scope=email,publish_actions,publish_stream,read_stream,offline_access,user_activities,user_birthday,user_checkins,user_education_history,user_hometown,user_interests,user_likes,user_location,user_notes,user_photos,user_relationships,user_status,user_videos,friends_about_me,friends_activities,friends_birthday,friends_checkins,friends_education_history,friends_hometown,friends_interests,friends_likes,friends_location,manage_pages

INFO :AdministratorSe:16-51-50:LoginURL: https://www.facebook.com/dialog/oauth?client_id=370611419689390&redirect_uri=http://dwinq-monolith-dev.appspot.com/facebookPageOAuth/pageManager/1&scope=email,publish_actions,publish_stream,read_stream,offline_access,user_activities,user_birthday,user_checkins,user_education_history,user_hometown,user_interests,user_likes,user_location,user_notes,user_photos,user_relationships,user_status,user_videos,friends_about_me,friends_activities,friends_birthday,friends_checkins,friends_education_history,friends_hometown,friends_interests,friends_likes,friends_location,manage_pages ForStationID: 1

I've tested with an without a forward slash (/) at the end of my redirectURI at the suggestion of other resolved questions. With the static clientID all completes just fine without the slash at all.

When I use the dynamic app ID (and both URLs still match exactly), I get this error without a slash:

Uncaught exception from servlet
dwinq.common.social.FacebookAuthorizationCodeUsedException: Internal Facebook Exception: 100 message: 'Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request
    at dwinq.spoke.servlet.FacebookOAuth.callOAuth(FacebookOAuth.java:280)
    at dwinq.spoke.servlet.FacebookOAuth.fetchTokenFromCallback(FacebookOAuth.java:850)
    at dwinq.hub.servlet.FacebookPageOAuth.fetchTokenfromCallbackForPageManager(FacebookPageOAuth.java:98)
    at dwinq.hub.servlet.FacebookPageOAuth.acceptedPageManagerPermissions(FacebookPageOAuth.java:73)
    at dwinq.hub.servlet.FacebookPageOAuth.handle(FacebookPageOAuth.java:30)
    at dwinq.common.servlet.AbstractServlet.doGet(AbstractServlet.java:50)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
....

And when I do use a slash, this error:

Uncaught exception from servlet
java.lang.NumberFormatException: For input string: ""
    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
    at java.lang.Long.parseLong(Long.java:450)
    at java.lang.Long.<init>(Long.java:690)
    at dwinq.hub.servlet.FacebookPageOAuth.acceptedPageManagerPermissions(FacebookPageOAuth.java:41)
    at dwinq.hub.servlet.FacebookPageOAuth.handle(FacebookPageOAuth.java:30)
    at dwinq.common.servlet.AbstractServlet.doGet(AbstractServlet.java:50)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
....

Any thoughts? If more info is needed I can provide specific info.

Was it helpful?

Solution

Solved. How? The redirect URI was reconstructed in another class without me being aware. I utilized server side logs rather than a local server in order to double check the URIs.

In addition, I was trying to parse the URI assuming that the last slash was NOT at the end of the redirectURI, which was incorrect.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top