So the first time a user attempts to authenticate my app using Facebook,
they always experience a 400 error. This generally means the redirect URL
doesn't match what is stored in Facebook. The second time they attempt to
authenticate with Facebook, they are successful and never will they
experience the 400 error again, well kinda.

Anyhow after a tremendous amount of research I think I know the cause of
the issue. I have the remember me token set to true which I believe is the
cause of the issue. I may be wrong, so hopefully this can be clarified.
What I notice is on failing authentication attempts, the redirect URL
contains the session id which doesn't match the stored URL in Facebook.
Like I said, my guess is this is due to the remember me option, but I could
be wrong. Once the cookie has been established for the first time, the
session id no longer exists in the URL and authentication is successful.

Question,
How do we fix this? I saw this post
http://osdir.com/ml/java-tynamo-user/2011-08/msg00019.html But I'm not sure
how to fix this.

Example of a failing URL:

https://www.domain.com/facebook/oauth/blank/https:$002f$002fwww.domain.com$002fsignin$003bjsessionid$003d32A0E9F9059699D8F1FE8FA0AF678770;jsessionid=32A0E9F9059699D8F1FE8FA0AF678770?code=AQCPSg_nXwOqyQwznL0nKLKURKgmTCVSRlSr2ZEyyTVdj7MXMhbY4UTEILJhtXz39kJtVNLsysUSCJ8bRSXXdGzsFqbOASDT_WwGWxlMtP15o8iOT9uyJebDMOW6pusDNtMatogF7KtbTjb2T-6H6dx_ruULNHFhS0vbiCHo-fceuEyvXpKCzr_LnHyXEUsL6aVyJiX_gznUyK77AtkCVY1q0CBy-wi9jBrH-STjEZQkhzAse28N_mycL6-mbyefExbqQUbEQ6Ap9te5AOlM6uAunm-bQkpIzRUXEQNyvAH3a3o8tjQ-aKKniTRtF-PYZFKMG_1wH-_qLakXFOSDkg7Z#_=_


- George
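
The mismatch described in the post, as an added example that is not part of the original message: it takes a callback URL shaped like the failing one, reduces it to the redirect URI, and reports where a `jsessionid` appears and whether the URI matches the registered value before and after the session id is removed. The registered URI, the `$XXXX` escape decoding, and the placeholder session id and code are assumptions; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample shaped like the failing URL in the post; the session id
# and code are placeholders, not the values from the page.
FAILING = ("https://www.domain.com/facebook/oauth/blank/"
           "https:$002f$002fwww.domain.com$002fsignin"
           "$003bjsessionid$003dPLACEHOLDERSESSIONID"
           ";jsessionid=PLACEHOLDERSESSIONID?code=PLACEHOLDERCODE#_=_")
# Assumption: the URI stored with the provider is the session-free form.
REGISTERED = ("https://www.domain.com/facebook/oauth/blank/"
              "https:$002f$002fwww.domain.com$002fsignin")

# Matches the plain path parameter and its escaped form ($003b is ';', $003d is '=').
SESSION = re.compile(r"(?:;|\$003b)jsessionid(?:=|\$003d)([0-9A-Za-z._-]+)", re.I)
ESCAPE = re.compile(r"\$([0-9a-fA-F]{4})")

def redirect_uri_of(callback_url):
    """Callback URL without query and fragment: the value checked against the stored URL."""
    p = urlsplit(callback_url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))

def decode_context(segment):
    """Decode $XXXX escapes (assumed: four hex digits of a code point)."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), segment)

def strip_session_ids(url):
    """Remove every jsessionid occurrence, plain or escaped."""
    return SESSION.sub("", url)

def diagnose(callback_url, registered=REGISTERED):
    uri = redirect_uri_of(callback_url)
    last_segment = uri.rsplit("/", 1)[1].split(";", 1)[0]
    return {
        "redirect_uri": uri,
        "return_url": decode_context(last_segment),
        "session_ids_in_url": sorted(set(SESSION.findall(uri))),
        "exact_match": uri == registered,
        "match_after_strip": strip_session_ids(uri) == registered,
    }

if __name__ == "__main__":
    for key, value in diagnose(FAILING).items():
        print(f"{key}: {value}")
```

The session id shows up twice: once as a path parameter on the callback itself and once inside the escaped return URL, so both have to be absent for an exact match.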
