aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.4k stars 2.11k forks

Federated Sign In: Facebook Limited Login (iOS) #13488

Open LeeviKopakkala opened 3 weeks ago

LeeviKopakkala commented 3 weeks ago

Is this related to a new or existing framework?

React Native

Is this related to a new or existing API?

Authentication

Is this related to another service?

Cognito

Describe the feature you'd like to request

Facebook announced that Limited Login is mandatory for iOS applications. This affects the way the login and its tokens are handled on iOS and therefore affects Amplify usage as well.

More information here: https://developers.facebook.com/blog/post/2024/05/09/fb-login-sdk-update/

Technical details

Android ✅

React Native example (aws-amplify 5.3.18):

const token = await AccessToken.getCurrentAccessToken();

const federatedResponse: FederatedResponse = {
  token: token,
  expires_at: expirationTime,
};

const federatedUser: FederatedUser = {
  name: name,
  email: email,
};

await Auth.federatedSignIn(
  "facebook",
  federatedResponse,
  federatedUser,
);

iOS ❌

Limited Login returns an AuthenticationToken that wraps an OpenID Connect token (JWT).

Source: https://developers.facebook.com/docs/facebook-login/limited-login/

[!CAUTION] Due to this update and Amplify incompatibility, our users are no longer able to log in to our application.

React Native example:

const token = await AuthenticationToken.getAuthenticationTokenIOS();

Issue

This new token is not supported by Amplify/Cognito and will return an Invalid Token error.

NotAuthorizedException: Invalid login token. Token is invalid or expired.

Describe the solution you'd like

In order to continue to use Federated Login, support for this new AuthenticationToken is required.

Describe alternatives you've considered

Alternatives: Custom provider, discontinue the feature, or discontinue the use of Amplify.

Additional context

No response

Is this something that you'd be interested in working on?
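
The difference between the two token types described in this issue, as an added example that is not part of the original post or of Amplify: it tells an opaque access token from an OIDC JWT and applies the usual ID-token claim checks a backend would run on the latter. All function names, the issuer, app ID and nonce are constructed placeholders; it assumes Node.js (for `Buffer`) and does not verify the signature.

```javascript
// Decode one base64url JWT segment into an object (Node.js Buffer).
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
}

// An OIDC ID token is three dot-separated base64url segments whose first
// two decode to JSON; a classic access token is an opaque string.
function classifyToken(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    return { kind: "opaque" };
  }
  try {
    return { kind: "jwt", header: decodeSegment(parts[0]), claims: decodeSegment(parts[1]) };
  } catch {
    return { kind: "opaque" };
  }
}

// Claim checks to apply AFTER the signature has been verified against the
// issuer's published keys (signature verification is not shown here).
function checkClaims(claims, { issuer, audience, nonce, nowSeconds }) {
  const problems = [];
  if (claims.iss !== issuer) problems.push("iss mismatch");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) problems.push("aud mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) problems.push("expired");
  if (claims.nonce !== nonce) problems.push("nonce mismatch");
  return problems;
}

// Constructed sample data: not real tokens, and the signature is a dummy.
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sampleClaims = { iss: "https://issuer.example", aud: "constructed-app-id",
                       exp: 2000000000, nonce: "constructed-nonce", sub: "12345" };
const sampleJwt = [enc({ alg: "RS256", typ: "JWT", kid: "constructed-kid" }),
                   enc(sampleClaims), "c2ln"].join(".");
const sampleAccessToken = "constructed-opaque-access-token";
const expected = { issuer: "https://issuer.example", audience: "constructed-app-id",
                   nonce: "constructed-nonce", nowSeconds: 1700000000 };

console.log(classifyToken(sampleAccessToken).kind);
console.log(classifyToken(sampleJwt).kind);
console.log(checkClaims(classifyToken(sampleJwt).claims, expected));
console.log(checkClaims(classifyToken(sampleJwt).claims, { ...expected, nonce: "other" }));
```
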

cwomack commented 3 weeks ago

@LeeviKopakkala, thank you for opening this feature request and providing such great context! I'll review this with the team internally and follow up with any additional questions we have.