FQL returns “Requires valid signature”

I am having a wierd problem, things that worked before stopped working today, maybe it was bad before but now after the oAUTH 2 change, I am having troubles with a near production app

this is what I try

$params = array('method'=>'fql.query','query' => 'SELECT uid2 FROM friend WHERE uid1 = me()');
$result =  $facebook->api($params);

I get:

Exception: 104: Requires valid signature

or more elaborated :

$config = array(
'appId'  => 'XXXXXXXXXXXXXXXX',
'secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX',
);

$facebook = new Facebook($config);

$uid = $facebook->getUser();

if ($uid){
 try {
        $access_t = $facebook->getAccessToken();
        $fql = 'SELECT uid2 FROM friend WHERE uid1 = '.$uid;
        $params = array('method' => 'fql.query', 'query' => 'SELECT uid2 FROM friend WHERE uid1 = '.$uid);
        $result = $facebook->api($params);
        echo $result;
        $friends = $facebook->api(array('method' => 'fql.query', 'query' => $fql, 'access_token' => $access_t));
        var_dump($friends);

 } catch (FacebookApiException $e) {
    echo $e; 
 }

this is the code I am using to validate the user and get the login info and permissions allowed:

$canvas_base_url = "https://apps.facebook.com/myapp/index.php?from=allow";
$params = array('scope' => 'publish_stream,email,offline_access,user_status,friends_status,friends_photos,user_photos,xmpp_login,user_online_presence,friends_online_presence',
'redirect_uri' => $canvas_base_url
);
$loginUrl = $facebook->getLoginUrl($params);

what am I doing wrong ?

This means the access token you are using is invalid. It has probably expired.

Here's a quote from the docs at http://developers.facebook.com/docs/authentication/:

In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Once the token expires, you will need to re-run the steps above to generate a new code and access_token, although if the user has already authorized your app, they will not be prompted to do so again. If your app needs an access token with an infinite expiry time (perhaps to take actions on the user's behalf after they are not using your app), you can request the offline_access permission.

So you should re-run the steps to generate an access token, or require the offline_access permission.