capacitor-community / facebook-login

Facebook Login support
MIT License

Limited login implementation #150

Open AlvinTCH opened 2 months ago

AlvinTCH commented 2 months ago

Similar to pull request #94, I have added my own implementation for Capacitor 6, with an updated readme for easier understanding. This is quite urgent as limitedLogin is forced upon the current fbsdk.

Let me know if the code can be improved or if the readme is unclear.

AlvinTCH commented 2 months ago

I have created an npm package for anyone who would like to try this implementation out.

ciccilleju commented 2 months ago

Hello @AlvinTCH, do you think this will solve my issue with iOS?


With version 5.0.3 everything works fine.

AlvinTCH commented 2 months ago

@ciccilleju Do you have an issue talking to your backend to verify the token currently? I think there is a setting that is turned on by default that is related to the advertising tracker blocking for iOS. If the advertising tracker setting is turned on, the normal Facebook login will result in an invalid token, then you will need the limitedLogin function in this implementation. Do note that you will need to change some things in your backend as well to verify the Facebook limited login tokens, as limitedLogin returns a JWT instead of OAuth2 tokens.

ciccilleju commented 2 months ago

Exactly, I think the backend needs some additional adjustment because right now it says the token isn't valid.

Thank you, I will check as soon as possible.


ciccilleju commented 2 months ago


Is there any chance to continue using the normal login? Because that doesn't work anymore with version 6.0.0 but works with version 5.0.3 without changing any backend part or FE part.

AlvinTCH commented 2 months ago


Unfortunately no. This is kind of forced upon us with fbsdk v17, which is the latest fbsdk that we are using with Capacitor v6. Unless Facebook changes their decision, there isn't much we can do about it.

ciccilleju commented 2 months ago


All clear, thank you. If I've understood it right this could be the FE code:

```typescript
async fbLoginIOS(FACEBOOK_PERMISSIONS: string[]) {
  const result = await (<any>(
    FacebookLogin.limitedLogin({ permissions: FACEBOOK_PERMISSIONS, tracking: 'limited' })
  ));

  this.loginFacebook(
    result.authenticationToken.token,
    result.authenticationToken.userId,
    result.authenticationToken.email,
  );

  // and here calling my backend, which now, if the request comes from an iOS device, must check a JWT token
}
```

AlvinTCH commented 2 months ago


Yes, the code looks correct to me. You can refer to this link for more info on checking the JWT.

Here is a sample Python script that I was using to test this implementation, for your reference:

```python
import jwt
from jwt import PyJWKClient

facebook_social_token = "<facebook social token here>"

# Facebook publishes the Limited Login signing keys at this JWKS endpoint;
# the token's `kid` header selects the matching key.
jwks_client = PyJWKClient(
    'https://limited.facebook.com/.well-known/oauth/openid/jwks/'
)
signing_key = jwks_client.get_signing_key_from_jwt(facebook_social_token)

# try to decode the facebook token. PyJWT's keyword for the issuer check is
# `issuer`; `iss=` is not a recognised argument and would leave the issuer
# unchecked. The audience check is disabled here for testing only: in
# production pass audience=<your Facebook app ID> instead of verify_aud=False.
facebook_data = jwt.decode(
    facebook_social_token,
    signing_key.key,
    algorithms=["RS256"],
    issuer="https://www.facebook.com",
    options={"verify_aud": False}
)
```

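The claims check a backend still has to do on a Limited Login JWT, as an added example that is not part of this PR, the plugin, or the script above: the script verifies the RS256 signature against Facebook's JWKS but disables the audience check, while in production `aud` must equal your Facebook app ID, `exp` must be in the future and `nonce` must match the value your app passed to the login call. The helpers below are standard-library only, run after signature verification, and use a constructed placeholder app ID, nonce and unsigned sample token.

```python
import base64
import json
import time

FACEBOOK_ISSUER = "https://www.facebook.com"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding the format strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jwt(token: str):
    """Split a compact JWT into (header, payload, signature) without trusting any of it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])


def limited_login_claim_errors(header, payload, app_id, expected_nonce, now=None):
    """Return a list of claim problems; an empty list means the claims are acceptable.
    Apply this after the RS256 signature has been verified against Facebook's JWKS."""
    now = time.time() if now is None else now
    errors = []
    if header.get("alg") != "RS256":
        errors.append("alg is not RS256")
    if payload.get("iss") != FACEBOOK_ISSUER:
        errors.append("unexpected issuer")
    aud = payload.get("aud")  # a string, or a list when the token names several audiences
    if aud != app_id and not (isinstance(aud, list) and app_id in aud):
        errors.append("token was issued for a different app")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        errors.append("token expired")
    if payload.get("nonce") != expected_nonce:
        errors.append("nonce mismatch")
    if not payload.get("sub"):
        errors.append("missing subject")
    return errors


def make_sample_token(claims: dict, alg: str = "RS256") -> str:
    """Constructed, unsigned sample token for local testing only (placeholder signature)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": alg, "typ": "JWT", "kid": "sample-kid"}
    return f"{enc(header)}.{enc(claims)}.{enc('placeholder-signature')}"
```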
MaximeSIMET commented 1 week ago

Hi @AlvinTCH and thank you for your fork!

I've implemented it and I'm now calling the new limitedLogin method.

await FacebookLogin.limitedLogin({ permissions: [], tracking: 'limited' })

However, I can still see this warning from Facebook.


Did I miss anything? Thank you 🙏

ciccilleju commented 1 week ago

The message isn't a problem, it's just a "warning" that you must use the tracking data plugin too.

MaximeSIMET commented 1 week ago

@ciccilleju from what I understand, using the limited login implemented by @AlvinTCH means you don't have to implement the tracking data plugin.

I'd like to avoid having to ask for this authorization as well, as it may discourage our users from using this connection method.

ciccilleju commented 1 week ago

Yes, true, but you just change how you authenticate and validate the token afterwards; in case you are using the limited login version, the token is now a JWT.

AlvinTCH commented 1 week ago

@MaximeSIMET The message can be ignored as long as you have moved to use the limited login and if you do not want to use the data tracking plugin. You can test the JWT returned with the sample Python code written above to verify that this function works on your end.