OAuthException: This authorization code has been used - Facebook

2

8

It seems like Facebook's new release on December 5th is causing some issues for me. Is anyone else getting this error?

Koala::Facebook::APIError (OAuthException: This authorization code has been used.)

I am able to OAuth, but when I issue a call such as the following, I get the error:

@friends = graph.get_object("/me/friends")

Here was the Facebook Update:

New security restrictions for OAuth authorization codes

We will only allow authorization codes to be exchanged for access tokens once and will require that they be exchanged for an access token within 10 minutes of their creation. This is in line with the OAuth 2.0 Spec which from the start has stated that "authorization codes MUST be short lived and single use". For more information, check out our Authentication documentation.

If anyone could help, or even more specifically clarify what the Facebook update means, that would be really helpful. I am getting this using the Rails Koala Gem.

It seems to be reported here, but no answers have been helpful.

http://developers.facebook.com/bugs/121266004701942?browse=search_50c113068fae60719135553

Pancreatin answered 6/12, 2012 at 21:29 Comment(2)
Seeing this error on a lot of forums, but no solution. oy! - Pancreatin
When you do me = graph.get_object "me" or feed = graph.get_connections "me", :feed do you get the error also? - Ruprecht
0

Have you inserted the gem omniauth_facebook? Put the following code in initializers/omniauth.rb.

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['app_id'], ENV['secret_id']
end
Evars answered 23/7, 2013 at 7:23 Comment(0)
0

This frustrating change of theirs - basically you need to cache in the session anytime you load get_user_info_from_cookies

  # Reuse the cached user info when present; otherwise read it from the Facebook cookie
  fb_user = session[:fb_info] || oauth.get_user_info_from_cookies(cookies)
  session[:fb_info] = fb_user
  session[:fb_token] = fb_user['access_token'] if fb_user # is this the right one?

It's unfortunately still going to raise errors sometimes because it'll be a really old code from an expired session. I wrap it in a begin / rescue block and ask the user to click to bounce back to oauth again (which will get a new token), or to try logging in without facebook / etc.

Gilbertogilbertson answered 6/8, 2013 at 23:14 Comment(0)
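The single-use rule quoted in the question and the session caching described in the answer above, as an added example that is not part of the original posts and is not Koala or Facebook code. ToyAuthServer, CodeError and access_token_for are hypothetical names, and the "expired" message is made up for the illustration.

```ruby
# Added illustration; not Koala or Facebook code. All names here are hypothetical.
require 'securerandom'

class CodeError < StandardError; end

# Toy authorization server enforcing the two rules from the quoted update:
# a code is single use and must be exchanged within 10 minutes of creation.
class ToyAuthServer
  CODE_TTL = 600 # seconds

  def initialize
    @codes = {}
  end

  def issue_code(now)
    code = SecureRandom.hex(8)
    @codes[code] = { issued_at: now, used: false }
    code
  end

  def exchange(code, now)
    entry = @codes[code] or raise CodeError, 'unknown code'
    raise CodeError, 'This authorization code has been used.' if entry[:used]
    raise CodeError, 'This authorization code has expired.' if now - entry[:issued_at] > CODE_TTL
    entry[:used] = true
    "token-#{SecureRandom.hex(8)}"
  end
end

# Client side: exchange the code once, cache the token in the session, and
# never resend the code. On failure, tell the caller to restart the OAuth dialog.
def access_token_for(session, server, code, now)
  return session[:fb_token] if session[:fb_token]
  session[:fb_token] = server.exchange(code, now)
rescue CodeError
  session.delete(:fb_token)
  :reauthorize
end

if __FILE__ == $PROGRAM_NAME
  server, session = ToyAuthServer.new, {}
  code = server.issue_code(0)
  puts access_token_for(session, server, code, 30)    # exchanged once
  puts access_token_for(session, server, code, 60)    # same token, from the session
  puts access_token_for({}, server, code, 90).inspect # replayed code
end
```

If the session store is cookie-backed, the cached token is carried in the session cookie; a server-side session store keeps it off the client.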
