Receive error: The code has been used or has expired

[ahallock]

This had been working flawlessly for about 6 months, but after logging out, I keep getting the following error when trying to log back in:

%Ueberauth.Failure{
  errors: [
    %Ueberauth.Failure.Error{
      message: "The code has been used or has expired",
      message_key: "invalid_code"
    }
  ],
  provider: :facebook,
  strategy: Ueberauth.Strategy.Facebook
}

I've deleted the test FB app and created a new one, upgraded to the latest version of this package and also Ueberauth. Makes me think something has changed on FB's end.

Is there a way to debug this more? Would be happy to submit a PR

[ahallock]

Looks like the underlying error is:

Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.

[yordis]

@ahallock is that Facebook configuration setting issue? I am not sure of this issue honestly.

[ahallock]

@yordis It must be. I've tried every combination I could think of. It's supposed to work with localhost afaik, but I can't make it past this error for my local. I set both app domain and Site URL:

[yordis]

@ahallock is this Intellectual Property? Or something open-source and/or we can pair on it?

I see a lot of issues from people with Facebook providers lately, and it is hard to figure out what is actually broken.

[ahallock]

@yordis it's just a basic project I'm using to learn -- no IP. Would be happy to pair on it.

[talhaazeem-invozone]

I am having the same issue. I truncated the user table and then tried to do login again it gave me the same error.

[shahryarjb]

Unfortunately, I have the same issue

%Ueberauth.Failure{
  errors: [
    %Ueberauth.Failure.Error{
      message: "The code has been used or has expired",
      message_key: "invalid_code"
    }
  ],
  provider: :facebook,
  strategy: Ueberauth.Strategy.Facebook
}

I set localhost in my test app

I test directly

IO.inspect Ueberauth.Strategy.Facebook.OAuth.get_token!([code: code], [])

and I have this error:

www-authenticate: OAuth "Facebook Platform" "invalid_code" "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"

[msaurabhee]

I am having this same issue. Looks like something changed on facebook side?

[msaurabhee]

How can I become a contributor? I need to commit this change:

diff --git a/lib/ueberauth/strategy/facebook.ex b/lib/ueberauth/strategy/facebook.ex
index 462a5ad..f708bfe 100644
--- a/lib/ueberauth/strategy/facebook.ex
+++ b/lib/ueberauth/strategy/facebook.ex
@@ -65,8 +65,7 @@ defmodule Ueberauth.Strategy.Facebook do
         fetch_user(conn, client, config)
       end
     rescue
-      OAuth2.Error ->
-        set_errors!(conn, [error("invalid_code", "The code has been used or has expired")])
+      e -> set_errors!(conn, [error("get_token_error", e)])
     end
   end

[shahryarjb]

@msaurabhee fork this project and change the lines you want and after that send a pull request to this repo 🤔

[msaurabhee]

Already done #70

[msaurabhee]

So my issue was callback_url was coming as http:// not https which was registered on facebook.

So I passed facebook strategy as following:

      {Ueberauth.Strategy.Facebook,
       [
         auth_type: "rerequest",
         callback_scheme: "https"
       ]},

To use the above strategy, you must use ueberauth 0.8.0 which is not published on hex. Use it as:

{:ueberauth, "~> 0.8.0", github: "ueberauth/ueberauth", branch: "master", override: true},

[yordis]

#70 got merged, feel free to reopen the ticket