Inconsistent “Invalid OAuth 2.0 Access Token” errors – Hottest Bug Closed

The hottest bug Inconsistent “Invalid OAuth 2.0 Access Token” errors had been closed officially!

According to Douglas, the following cases / problems that lead to an “Invalid OAuth 2.0 Access Token” had been fixed,

1. global cache inconsistency.  this was the issue that was first reported and fixed.
2. old php sdk version that pulled session info from query parameters, not signed_request.  this is the cause of the “infinite redirect”.  not technically a bug (we only support the most recent version of the sdk), but there were reports of this on this bug.
3. db replication latency between two data centers. the latest issue that we just finished — no code change — just a config change on our end.

If you still encounter this by using the latest PHP SDK, check if you are falling into one the following cases mentioned by Douglas,

there was also a report of an issue with the php sdk, multiple users on a single browser, and cookies that we are looking at, but that doesn’t appear to be widespread and it has a workaround (btw: my personal opinion, but anything
that magically sets cookies that your app depends on is something to be avoided).

Personally I have similar experience where my client complains one piece of my work before.  What he did are

  • By using the same browser session, he logout that account from and login another user, say user B.
  • Then he access the app again.

By app failed at that time at I have done caching myself on the facebook session.  As the same browser is used, the previous user’s facebook session is used and that causes the problem.  This kind of issue is fixed by checking validity of the cached session by using the signed request.

If you still encounter the “same” problem, then I think you need to take note the following comments from Douglas,

1. we review every single bug that comes in.
2. votes and comments really don’t matter in how we triage.
3. what does matter is our ability to _repro_ the issue and the number of impacted _users_.
4. adding additional comments here without a repro doesn’t help anyone.
5. please open a new issue _with_ repro steps if you are still getting this error.
6. ‘are you sane’ or ‘my app doesn’t work’ are not repro steps.

Combining different problems into one report is hard to trace and opening new reports for the other cases sound good.  And most importantly, I think we need to include more specific information with repro steps.  I understand that at times when we are getting error from the Facebook platform, we are frustrated and simply wanted that to be fixed.  But still, providing concrete information will certainly help to get this fixed in the shortest period of time.  This is particular true as you or me is not the only who that reports bugs to Facebook.

This entry was posted in news and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *