When a user does not allow app tracking, the login uses a new 'limited login' flow that returns an OIDC token. This token can not be used to access Facebook's Graph API. That means the current Facebook provider does not work in this 'limited login' flow. Apple requires you to use Facebook's latest SDK version. That SDK version uses this new 'limited login' flow. This makes the current Facebook socialite provider unusable when validating a Facebook login via iOS SDK.
This PR fixes that by adding support for the OIDC token in a way that does not break or impact the regular Facebook login.
Facebook recently made changes to its Facebook Login on iOS: https://developers.facebook.com/blog/post/2024/03/28/changes-made-to-fb-login-sdk/
I implemented the validation of the OIDC token based on Facebook's documentation: https://developers.facebook.com/docs/facebook-login/limited-login/token/validating
Example of a user returned from the userFromToken() method when an OIDC token was provided:

I did not add tests as I don't really see a way how I can write a test for this.
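The checks an OIDC ID token needs before its claims can be trusted, as an added example that is not the code from this PR or from Socialite. The function name `validate_id_token`, the issuer `https://issuer.example`, the audience `app-123` and the locally generated RSA key (standing in for the provider's published signing key) are all assumptions made for the illustration.

```php
<?php
// Constructed stand-ins throughout: key pair, issuer and audience are NOT Facebook's values.
function b64url_decode(string $s): string|false {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// Returns the verified claims, or null when any check fails.
function validate_id_token(string $jwt, string $pubPem, string $issuer, string $audience, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64url_decode($h), true);
    // Pin the algorithm on the server side; never let the token pick it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') return null;
    $sig = b64url_decode($s);
    // The signature covers the exact "header.payload" bytes as received.
    if ($sig === false || openssl_verify("$h.$p", $sig, $pubPem, OPENSSL_ALGO_SHA256) !== 1) return null;
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($claims)) return null;
    // The token must come from the expected issuer and be minted for this app.
    if (($claims['iss'] ?? null) !== $issuer) return null;
    if (!in_array($audience, (array) ($claims['aud'] ?? []), true)) return null;
    // Reject tokens with a missing or past expiry.
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

// Constructed demo: mint tokens with a throwaway key and run them through the validator.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$mint = function (array $claims) use ($key): string {
    $in = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.' . b64url_encode(json_encode($claims));
    openssl_sign($in, $sig, $key, OPENSSL_ALGO_SHA256);
    return $in . '.' . b64url_encode($sig);
};
$now = time();
$ok = ['iss' => 'https://issuer.example', 'aud' => 'app-123', 'sub' => 'user-1', 'exp' => $now + 300];
[$h, , $s] = explode('.', $mint($ok));
$cases = [
    'valid' => $mint($ok),
    'expired' => $mint(['exp' => $now - 1] + $ok),
    'wrong audience' => $mint(['aud' => 'other-app'] + $ok),
    'payload altered after signing' => "$h." . b64url_encode(json_encode(['sub' => 'user-2'] + $ok)) . ".$s",
];
foreach ($cases as $label => $jwt) {
    $claims = validate_id_token($jwt, $pub, 'https://issuer.example', 'app-123', $now);
    echo $label, ': ', $claims === null ? 'rejected' : 'accepted sub=' . $claims['sub'], PHP_EOL;
}
```

In a real integration the public key is selected from the provider's JWKS by the token header's `kid`, and the nonce sent with the login request is compared against the token's `nonce` claim.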