Add support for Facebook auth JWT token

mtrezza commented 5 months ago

New Feature / Enhancement Checklist

Report security issues confidentially.
Any contribution is under this license.
Before posting search existing issues.

Current Limitation

Due to Apple's ATT requirements, the "normal" Facebook Login requires a user to allow app tracking. For users who do not allow app tracking, Facebook Limited Login must be used instead, which uses JWT for authentication. Parse Server currently only supports the token provided by "normal" Facebook Login. It does not support the token generated by Limited Login.

This is an urgent issue, because:

The majority of users does not allow app tracking, so developers must often fall back to Limited Login.
The Facebook SDKs <= 16 are rejected by AppStore review because they lack the privacy manifest file. The Facebook SDK 17 automatically prohibits "normal" Login and requires Limited Login if the user has not allowed app tracking.

That means that Parse Server (and possibly the Parse Apple SDK) currently do not support Facebook auth when submitting a new app or an app update to the AppStore with Facebook SDK 17.

See https://github.com/parse-community/Parse-SDK-iOS-OSX/issues/1787

Feature / Enhancement Description

Extend the Facebook auth adapter, so that it supports JWT auth from Facebook Limited Login. Ideally, no change will be required on the Parse Apple SDK side.

Alternatives / Workarounds

Unknown.

3rd Party References

parse-github-assistant[bot] commented 5 months ago

Thanks for opening this issue!

🎉 We are excited about your ideas for improvement!

mtrezza commented 5 months ago

Note: The bounty scope includes https://github.com/parse-community/Parse-SDK-iOS-OSX/issues/1787.

mtrezza commented 4 months ago

For reference, here the PR that implemented FB limited login server side: https://github.com/parse-community/parse-server/pull/7219. It defined:

Classic Graph API login (no change)

{
  id: "your_facebook_id",
  access_token: "facebook_graph_api_access_token"
}

Limited Login

{
  id: "your_facebook_id",
  token: "openid_token"
}

parseplatformorg commented 4 months ago

🎉 This change has been released in version 6.5.6

parseplatformorg commented 4 months ago

🎉 This change has been released in version 7.1.0-alpha.7

parseplatformorg commented 3 months ago

🎉 This change has been released in version 7.1.0-beta.1

parseplatformorg commented 3 months ago

🎉 This change has been released in version 7.1.0

pdkcoder commented 1 month ago

For some reason, I can only use below structure for both Limited and Classic: (Parse server 7.2.0)

{
  id: "your_facebook_id",
  token: "openid_token"
}

If I replace token by access_token in classic mode, it says:

Status Code: 101
Type: ObjectNotFound
Error: Facebook auth is invalid for this user.

mtrezza commented 1 month ago

@pdkcoder Does it work for both classic and limited login?

pdkcoder commented 3 weeks ago

Hi @mtrezza Yes it works for both

mtrezza commented 3 weeks ago

@pdkcoder Could you open a new issue and describe the issue in more detail with sample code?

parse-community / parse-server