iOS Graph API Calls using FB.API Fail in 17.0.0

[kylejohnstonJC]

Checklist

• [x] I've updated to the latest released version of the SDK
• [x] I've searched for existing GitHub issues
• [x] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group
• [x] I've read the Code of Conduct
• [x] This issue is not security related and can safely be disclosed publicly on GitHub

Environment

• Unity Editor Version: 2021.3.36
• Unity SDK Version: 17.0.0
• Installation Platform & Version: iOS version 17.4.1

Goals

A functioning FB.API interface on iOS that allows calls to be made to the Facebook Graph API.

Expected Results

The FB.API should provide a means to make requests to the Facebook Graph API if a login mode that yields an AccessToken is used.

Actual Results

When "Classic" Login is used with tracking enabled (either via FB.LogInWithReadPermissions or FB.Mobile.LoginWithTrackingPreference with LoginTracking.ENABLED passed through as the LoginTracking argument) all calls to Graph API through FB.API subsequently fail, throwing 400 errors.

Steps to Reproduce

1. Login to Facebook using one of the methods outlined in the previous section, LogInWithReadPermissions or LoginWithTrackingPreference, requesting access to permissions that you intend to leverage for Graph API calls.
2. Make a request using the FB.API interface, for example, querying their friends list via /me/friends.
3. Observe that the request returns a 400 Bad Request response.

Code Samples & Details

// Login to the app
string loginReadPermissions = "public_profile,email,user_friends";
FB.Mobile.LoginWithTrackingPreference(
  Facebook.Unity.LoginTracking.ENABLED, 
  new List<string>(loginReadPermissions.Split(',')),
  null,
  (result) =>
  {
     // Handle successful completion
  }
);

// Request friends list
string facebookFriendFields = "first_name,last_name,installed";
FB.API("/me/friends?fields=" + facebookFriendFields, HttpMethod.GET, (result) =>
  {
    // Request fails
    // result.Error reveals 400 error as cause
  }
);

[kylejohnstonJC]

On deeper investigation, it seems this outcome depends on the ATT (AppTrackingTransparency) dialog.

If the user denies these permissions when prompted, it seems the accessToken subsequently returned by the login process is invalid, causing all Graph API requests to fail.

[ertugrulerdogan]

We also experience the same issue. We want to update FB SDK because Apple requires privacy manifest for 3rd party SDKs and FB SDK implemented this feature in 17.0.0 version. Unfortunately, we can't update to 17.0.0 because of this bug, It breaks app functionality. Is there any plan to fix this issue in next release ?

[guthyerrz]

Hello,

We just found this same issue here in production and apparently this is an expected behaviour.

[My login access token is Invalid and/or I can’t check the expiration date of my access token after upgrading the iOS SDK to v17.0.0.0.](https://developers.facebook.com/docs/facebook-login/limited-login/faq/#faq_3803539939969324)
In response to [the upcoming changes to ATT enforcement](https://developer.apple.com/news/?id=3d8a9yyh), we made changes to the iOS SDK and the SDK no longer provides valid user access tokens in scenarios where the user opts out of ATT. The access token validation or Graph API requests may throw errors like OAuthException - “Invalid OAuth access token - Cannot parse access token”. Our recommendation is that users integrate Limited Login following the official documentation:

[Limited Login for iOS](https://developers.facebook.com/docs/facebook-login/limited-login/ios)
[Limited Login for Unity](https://developers.facebook.com/docs/facebook-login/limited-login/unity/)

REF: https://developers.facebook.com/docs/facebook-login/limited-login/faq/

To solve it we should implement the limited login functionality. https://developers.facebook.com/docs/facebook-login/limited-login/ios

[chinatragedy]

We also experience the same issue. We want to update FB SDK because Apple requires privacy manifest for 3rd party SDKs and FB SDK implemented this feature in 17.0.0 version. Unfortunately, we can't update to 17.0.0 because of this bug, It breaks app functionality. Is there any plan to fix this issue in next release ?

Apple only requires the privacy manifest, so you can manually copy those 'privacy manifest' files into your Xcode project.