David Krantz writes:
[LOCAL_IP] - - [19/Apr/2017:00:00:53 +0000] "GET /accounts/facebook/login/callback/?code=[LONG CRYPTO-LOOKING STRING] HTTP/1.1" 200 2129 "https://www.facebook.com/login/reauth.php?app_id=[MY_APP_ID_I_THINK]&signed_next=1&next=https://www.facebook.com/v2.8/dialog/oauth?redirect_uri=https%3A%2F%2Flists.example.com%2Faccounts%2Ffacebook%2Flogin%2Fcallback%2F&state=[ALPHANUM]&scope=public_profile+email&response_type=code&auth_type=reauthenticate&client_id=[NUMERIC]&ret=login&logger_id=[GUID]&cancel_url=https://lists.example.com/accounts/facebook/login/callback/?error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied&state=[ALPHANUm]#_=_&display=page&locale=sv_SE&logger_id=[GUID]"
You really should be asking this on a Django channel, preferably one specific to allauth. The OAuth protocols can be pretty complicated AIUI, and from your description "If I then reload the page, I get logged in!", it sounds to me like some kind of intermittent timing problem. That is probably something that only the maintainer of allauth would have a clue about.