Facebook Limited Login

[abador]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [X] I have joined the Ory Community Slack.
• [X] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe your problem

Facebook is supporting limited login for users that opt-out from tracking : https://developers.facebook.com/docs/facebook-login/limited-login/ . This flow is different than a standard OIDC flow that is supported by Kratos. This might be something that other providers will also support in one way or the other. How it Works Limited Login returns an AuthenticationToken that wraps an OpenID Connect token. The ID token cannot be used to request additional data using the Graph API, such as friends, photos, or pages, and it cannot be used to get other tokens, such as Page or session info tokens. Doing so requires the use of classic Facebook Login (which does not support Limited Login safeguards).

Describe your ideal solution

A new limited API flow is added to Kratos. We would need:

• JWT token validation
• using the token payload to link/unlink/login via the API

Workarounds or alternatives

Building an external application that supports JWT tokens

Version

1.1.0 with small changes

Additional Context

No response