I have a Facebook application that was using a CFC I had found on RIAForge to authenticate the user/app and allow permissions (this one) but it no longer works. So I set about writing a version of Facebook's PHP example as CFML. But when I get to the point of retrieving the access token I get the following error back from Facebook:
OAuth "Facebook Platform" "invalid_code" "Error validating verification code."
There is no problem with the setup of the app in Facebook, as I have tested the PHP code provided by them with my details and it works fine. Please find below the PHP example and also where I have got to using CF.
PHP:
    <?php
    $app_id = "YOUR_APP_ID";
    $app_secret = "YOUR_APP_SECRET";
    $my_url = "YOUR_URL";

    session_start();
    $code = $_REQUEST["code"];

    if(empty($code)) {
        $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
        $dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
            . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
            . $_SESSION['state'];

        echo("<script> top.location.href='" . $dialog_url . "'</script>");
    }

    if($_REQUEST['state'] == $_SESSION['state']) {
        $token_url = "https://graph.facebook.com/oauth/access_token?"
            . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
            . "&client_secret=" . $app_secret . "&code=" . $code;

        $response = @file_get_contents($token_url);
        $params = null;
        parse_str($response, $params);

        $graph_url = "https://graph.facebook.com/me?access_token="
            . $params['access_token'];

        $user = json_decode(file_get_contents($graph_url));
        echo("Hello " . $user->name);
    }
    else {
        echo("The state does not match. You may be a victim of CSRF.");
    }
    ?>
CFML:
    <cfset appID = "app_id"/>
    <cfset secret_key = "secret_key"/>
    <cfset app_url = "app_url"/>

    <cfparam name="URL.Code" default="0">
    <cfparam name="URL.State" default="0">
    <cfset code_ = URL.Code>

    <cfif code_ EQ "" OR code_ EQ 0>
        <cfset SESSION.State = Hash(CreateUUID(),"MD5")>
        <cfset dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" & appID & "&redirect_uri=" & app_url & "?State=" & SESSION.State>
        <cf_Javascript type="script" script="top.location.href='#dialog_url#'">
    </cfif>

    <cfif SESSION.State EQ URL.State>
        <cfset token_url = "https://graph.facebook.com/oauth/access_token?client_id=" & appID & "&redirect_uri=" & app_url & "&client_secret=" & secret_key & "&code=" & code_>
        <cfhttp url="#token_url#" result="AccessToken" method="GET">
        <cfdump var="#AccessToken#">
    </cfif>
I feel very stupid, I had used a question mark rather than an ampersand in front of the state URL parameter when setting the dialog URL.
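Why that one character matters, as an added example that is not part of the original post: with "?State=" the state value is parsed as part of redirect_uri, so the dialog request carries no state parameter and its redirect_uri no longer equals the one sent in the token request, which OAuth 2.0 requires to be identical. Python is used here only to parse the URLs the way a server would; the app ID, app URL, secret, state and code values are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

DIALOG = "http://www.facebook.com/dialog/oauth"
TOKEN = "https://graph.facebook.com/oauth/access_token"

# Constructed sample values, not taken from the original post.
APP_ID = "123"
APP_URL = "https://example.test/app/"
SECRET = "secret-placeholder"
STATE = "0123456789abcdef"
CODE = "constructed-code"

def params(url):
    """Query parameters as the receiving server parses them (first value each)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def buggy_dialog_url():
    # Mirrors the CFML in the question: raw concatenation and "?State=".
    return (DIALOG + "?client_id=" + APP_ID + "&redirect_uri=" + APP_URL
            + "?State=" + STATE)

def fixed_dialog_url():
    # urlencode() percent-encodes every value and joins the pairs with "&".
    return DIALOG + "?" + urlencode(
        {"client_id": APP_ID, "redirect_uri": APP_URL, "state": STATE})

def token_url():
    return TOKEN + "?" + urlencode(
        {"client_id": APP_ID, "redirect_uri": APP_URL,
         "client_secret": SECRET, "code": CODE})

def check(dialog, token):
    """Return the problems that break the code exchange or the CSRF check."""
    d, t = params(dialog), params(token)
    problems = []
    if "state" not in d:
        problems.append("dialog request has no state parameter")
    if d.get("redirect_uri") != t.get("redirect_uri"):
        problems.append("redirect_uri differs: %r vs %r"
                        % (d.get("redirect_uri"), t.get("redirect_uri")))
    return problems

if __name__ == "__main__":
    print("buggy:", check(buggy_dialog_url(), token_url()))
    print("fixed:", check(fixed_dialog_url(), token_url()))
```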