Problem Statement:
My current Facebook SSO flow stopped working because we are now using dynamic URLs to pass a unique web_key in the query string (e.g., https://myapp.com/login?web_key=abc123). However, Facebook requires the OAuth redirect URI to be a static, exact match, which conflicts with our current implementation.
After researching, it seems we need to implement a solution where I:
- Use a static OAuth redirect URI that can be registered with Facebook (e.g., https://myapp.com/auth/facebook/callback)
- Still pass and recover the unique URL or add the web_keys back to the URL during the SSO flow
Facebook dev SSO workflow instructions state: "state. A string value created by your app to maintain state between the request and callback. This parameter should be used for preventing Cross-site Request Forgery and will be passed back to you, unchanged, in your redirect URI."
I'm looking for guidance on how to use the OAuth state parameter to carry this dynamic data through the login flow and retrieve it after the callback.
Your support is much appreciated.
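One way to carry web_key through state while keeping the redirect URI static, as an added example that is not part of the original post. It assumes a server-side HMAC key and a per-login nonce stored in the user's session; the function names, `MAX_AGE` and the payload layout are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

SECRET = secrets.token_bytes(32)  # assumption: server-side key, shared by all app instances
REDIRECT_URI = "https://myapp.com/auth/facebook/callback"  # static URI from the post
MAX_AGE = 600  # assumption: seconds a state value stays valid

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(web_key, session_nonce, now=None):
    """Pack web_key plus a per-session nonce into a signed state value."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"k": web_key, "n": session_nonce, "t": issued}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def read_state(state, session_nonce, now=None):
    """Return web_key, or None if state is forged, stale or from another session."""
    now = time.time() if now is None else now
    try:
        body, sig = state.split(".")
        payload, given = _unb64(body), _unb64(sig)
    except (ValueError, AttributeError):  # missing, wrong shape or bad base64
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None
    data = json.loads(payload)
    # The nonce ties the callback to the browser that started the login (CSRF check).
    if not hmac.compare_digest(data["n"].encode(), session_nonce.encode()):
        return None
    if not 0 <= now - data["t"] <= MAX_AGE:
        return None
    return data["k"]

def authorize_query(app_id, web_key, session_nonce):
    """Query string for the Facebook login dialog; redirect_uri never varies."""
    return urlencode({"client_id": app_id, "redirect_uri": REDIRECT_URI,
                      "state": make_state(web_key, session_nonce)})

def post_login_url(web_key):
    """Where the callback handler sends the user once state has been verified."""
    return "https://myapp.com/login?" + urlencode({"web_key": web_key})
```

The callback handler calls `read_state` with the `state` query parameter and the nonce from the session, and rejects the login when it returns `None`.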