 

Facebook Oauth Exception errors when slamming the graph api?

We have recently been having problems with Facebook log in. As in every user that logged in would be able to do one graph call to /me and then we got one of two errors:

"message": "Error validating access token: The session has been invalidated because the user has changed the password."

"message":"Error validating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons."

The first one seems to happen to new users on log in, and the second one happens more to people who have already authorized our app. It seems like they are able to get the Username for the first /me graph call, and then the oauth token gets screwed up for a long time (some of them eventually come back for some reason).

I recently found out that our code slams Facebook twice for the me/home JSON. When I took this code out I was able to hit the graph API via REST and it didn't give me the errors.

I've seen various errors mentioning issues with Facebook but the problem was supposedly "fixed" and it's very hard to see why slamming Facebook twice would kill our auth token - you'd think that we'd get a message about rate limiting.

Does anyone have an explanation for what this is? I still haven't verified that taking the second call out is the fix but so far it looks like it.

V_H asked Jun 15 '11 20:06


1 Answer

I've run into the same problem. Check out this blog post on how to deal with invalid access tokens - it explains how to re-authorize the user.

I have a theory that requests get re-routed once they hit their system, and thus get executed multiple times. It's unproven, but I've definitely had issues where I was only sending 1 request, but 2 or 3 seemed to fire off. Interestingly enough, I've seen that if you provide a de-authorize callback URL and someone uninstalls your app, Facebook will call that URL 3 times. That made for some interesting logs...

Unfortunately, developing for Facebook is like the wild west... it's lawless and they often say one thing and mean another (or in this case claim something is fixed when it isn't.)

Steven Mercatante answered Oct 19 '22 06:10
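
An added example (not code from the question or the answer): one way to act on the two points raised in the answer, sending the user back through authorization when the token is reported invalid, and tolerating a de-authorize callback that is delivered several times. The `TokenStore` class, the function names, the sample bodies and the `{"error": {"type", "message"}}` envelope are assumptions; the message text is the one quoted in the question.

```python
import json

# Message prefix shared by both errors quoted in the question.
INVALID_TOKEN_PREFIX = "Error validating access token"

def error_body(message):
    # Constructed sample; the {"error": {"type", "message"}} envelope is assumed.
    return json.dumps({"error": {"type": "OAuthException", "message": message}})

SAMPLE_PASSWORD_CHANGED = error_body(
    "Error validating access token: The session has been invalidated "
    "because the user has changed the password.")
SAMPLE_OK = json.dumps({"id": "1000", "name": "Constructed User"})

def needs_reauthorization(body):
    """True when a Graph API response body reports a dead access token."""
    try:
        error = json.loads(body).get("error")
    except (ValueError, TypeError, AttributeError):
        return False  # not JSON, or not a JSON object
    if not isinstance(error, dict):
        return False
    message = str(error.get("message", ""))
    return error.get("type") == "OAuthException" and message.startswith(INVALID_TOKEN_PREFIX)

class TokenStore:
    """In-memory stand-in (hypothetical) for the app's per-user token storage."""
    def __init__(self):
        self.tokens = {}
        self.deauthorized = set()

    def handle_response(self, user_id, body):
        """Discard a dead token instead of retrying with it."""
        if needs_reauthorization(body):
            self.tokens.pop(user_id, None)
            return "reauthorize"
        return "ok"

    def handle_deauthorize(self, user_id):
        """Idempotent: repeat deliveries of the same callback are no-ops."""
        if user_id in self.deauthorized:
            return False
        self.deauthorized.add(user_id)
        self.tokens.pop(user_id, None)
        return True
```

Returning `"reauthorize"` rather than retrying keeps a dead token from being replayed against the API, and the `deauthorized` set means a callback delivered three times produces one state change and one meaningful log entry.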